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Outsourcing may save less 
than you think. There are 
hidden costs in evaluating 
the vendors, hiring contract 
managers, traveling over- 
seas, beefing up security and 
paying severance benefits to 
laid-off workers. PAGE 39 
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oun, HP Enhance RISC Chips, _ 
But Opteron May Provide Edge - 


| Demers 


HEWLETT-PACKARD 


® 128-way HP9000 Superdome 
server: Pricing begins at $309,000. 


| 
| 
| 
| @ Entry-level Integrity Server: 
| 


As AMD chip gains 
momentum, HP may 
hav eto alter rappr¢ ach | 


BY PATRICK THIBODEAU 
Sun Microsystems Inc. and 
Hewlett-Packard Co. this week 
plan to announce products 
that reinforce their existing | 
hardware strategies while 
sharpening their differences. | 
Both companies will an- | 
| 
| 
| 


Pricing below $3,000, with two low- 
voltage Intel Itanium 2 processors. 


SUN MICROSYSTEMS 


@ Sun Fire E Series servers: 
Pricing from $50, 000 to $1 million. 


® Opteron systems: One- through 
four-way Servers running Linux and 
Solaris, certified for Windows. Pricing 
was unavailable at press time. 


nounce new RISC chips, and 
both are claiming substantial 
performance gains. 
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But Sun is going a step fur- 
ther. In detailing plans for its 
Opteron-based servers, it said 
it will ultimately produce an 
| caeeway system based on the 
64-bit processor from Ad- 
vanced Micro Devices Inc. It 


° oc ° | 
may become difficult for many 
| companies to ignore the Op- 


teron chip, which is finding a 
home in Linux clusters and 
impressing users. 

One of those users, Dan 
Agronow, vice president of 


| technology at Atlanta-based 
| weather forecasting service 
The Weather Channel Interac- | 


tive Inc., 
servers from IBM but wel- 


is using Opteron 


| comes broader adoption of the 
| chip by hardware vendors. 


“If I can also buy [Opteron- 


| based systems] from HP and 


Sun, that just makes it a more 
compelling choice,” said Agro- 
now, noting that having more 
vendors to choose from typi- 
cally drives down prices. 
Sun’s RISC chip, the Ultra- 
Sparc 4, uses chip multithread- 
RISC Chips, page 16 





= The Pentagon pulls the plug on its Internet voting system. PAGE 6 
@ Oracle undercuts the price of Microsoft’s SQL Server. PAGE 7 
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Amex onthe 
Defensive About 
Offshore Plans 


Financial services firm may move up to 70% 
of development work offshore, sources say 





BY LUCAS MEARIAN 
Despite a denial by Ameri- 
can Express Co., sources fa- 
miliar with the company’s IT 
planning insist that it has an 
internally stated goal to shift 
a major portion of its soft- 
ware development to off- 
shore locations. 

The sources said 
that New York-based 
Amex plans to move 
as much as 70% of 
development work 
offshore. That shift is an on- 
going business objective, 
they said. 

An Amex spokesman last 
week dismissed the 70% fig- 
ure and denied that the fi- 
nancial services company is 
making any fundamental 
shift in the amount of devel- 


| opment work it sends off- 
shore. But one former Amex 
| IT worker, who said he left 


the company because he dis- 


agreed with the offshore pol- 
| icy, hotly disputed that. 


“They tell [the media] one 


| thing and tell us another. I’ve 
seen it. I was there,” 
Wah 3 the former employee 
To read more sto- 


ries on outsourcing, 
visit our Web site: 


QuickLink 22290 


said. “I was the guy 
training these [off- 
shore-worker] green- 
horns. They’re asking 


| me to transfer my skills to 
| someone making $4 an hour.” 


The sources were unable 


| to say what portion of the 
company’s development 

| work is currently handled 

| offshore, and Amex declined 
| to comment, citing a policy 


Amex Offshore, page 53 


Weak Dollar May Raise Costs 


BY PATRICK THIBODEAU 
AND THOMAS HOFFMAN 

U.S. companies that outsource 
work to nearshore and offshore 
developers are facing the pros- 
pect of higher costs as a result 
of the decline in value ot the 
US. dollar. 

While intense competition 
among Indian service providers 
is likely to keep prices for IT ser- 
vices stable in the near term, 


U.S. companies can expect to 
eventually see prices rise as 
those providers try to offset cur- 
rency pressures and rising 
wages, offshore outsourcing 
experts said last week. 

“It's a hit to our bottom line,” 
said Pawan Kumar, chairman of 
Bangalore-based vMoksha 
Technologies, referring to the 
declining dollar. But Kumar said 

Weak Dollar, page 53 
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When it comes to data backup and recovery, you want a reliable, high-performance solution you 
can count on. That's why we've created BrightStor ARCserve Backup Release 11, featuring the 
very latest in storage innovations. BrightStor ARCserve Backup is faster and easier than ever, 
enhancing both efficiency and productivity. And with CA’s superior technology, you can be 
confident your files are properly backed up and will easily be restored should a disaster occur. 
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in the Management section: CIOs need 


to fully investigate a company’s cul 


Low Draw for Smart Cards 

In the Technology section: Smart cards can 
deliver significant security and cost benefits, 
say users. But widespread corporate adoption 
continues to lag because of concerns about 
technology interoperability and cost. Page 30 
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new job, advises former 


CIO Doug Lewis. Page 44 
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meager increase, reflecting 
the effects of the deficit and 
cross-agency efficiency. 


E-voting is mothballed by the 
Defense Department as inse- 
cure, but Michigan still plans 
to use it in the primary. 


Oracle cuts the entry-level 
price of its 10g database to 
compete more aggressively 
with Microsoft. 


Sprint inks a deal to out- 
source its consumer call cen- 
ters to IBM and to team up on 
marketing. 


IBM has a major presence at 
the Eclipse conference, but at- 
tendees are optimistic about 


the technology’s independence. 


Extreme Networks releases 
an edge switch that supports 
Gigabit Ethernet and 10 Gigabit 
Ethernet transmission rates. 


Product life-cycle manage- 


ment can deliver real benefits, 


despite concerns about inte- 
gration complexity and prod- 
uct customization, say users. 


Mydoom’s lesson: Take 
proactive steps to prevent 
DDoS attacks, experts say. 


Regulatory compliance tools 
are emerging, offering users 
Web-based frameworks for 
tracking documents and data. 


IBM announces 15 middle- 
ware bundles targeted at fi- 
nancial services companies, 
banks and insurers. 


Architecture for the Long 
Term. AXA Financial’s central 
vision of a scalable, future- 
proof IT architecture has re- 
mained intact for 13 years. 
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Chaos. Technology futurist 
Christopher Meyer advises 
that as IT matures, users 
should outsource commodity 
IT, embrace the new sciences 
and live on the edge of chaos. 


Security Manager's Journal: 
Postmerger Audit Quashes 
Trust Idea. Performing a 
security audit on a newly 
acquired company and miti- 
gating the vulnerabilities he 
finds distracts Mathias Thur- 
man from Sarbanes-Oxley 


compliance issues. 
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think outsourcing saves big 
money, but the hidden ex- 
penses for things like the 
vendor selection process, 
offshore travel, layoffs and 
managing the contract pull 
lots more dollars out of your 
pocket than the actual con- 
tract price. 
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is a step in the right direction. 
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an exclusive look at how Toy- 
ota test-drives its business in- 


telligence upgrade. 


)} Maryfran Johnson cautions 


that by overhyping worms and 
viruses, security vendors risk 
making users immune to warn- 
ings and setting up a disaster 
when serious threats arise. 


)} Pimm Fox asks, Why would 


IBM spend big bucks to ad- 
vertise Linux during the Su- 
per Bowl? Because you're 
watching. 


Dan Gillmor sees paperless 
and Internet voting as danger- 
ous to democracy and sounds 
a call to arms for IT pros. 


Nicholas Petreley contends 
that Sun’s anxiety about the 
Eclipse Foundation’s indepen- 
dence can be traced to com- 


peting user-interface tools. 


Bart Perkins warns: Monitor 
your outsourcing metrics ef- 
fectively, or get the perfor- 
mance you deserve. 


y Speak Frank 
Hayes writes that educating 
users about how to protect 
their systems against viruses 
and worms is the best defense. 


10 Tips for Offshore 

Project Success 

OUTSOURCING: Effective onshore manage- 
ment is the key to getting benefits promised 
by offshore vendors, according to Craig Rin- 
toul, a senior consultant at the PA Consulting 


Group. @ QuickLink 44488 


Xserve Offers Power, Choice 
MACINTOSH: For administrators at compa- 
nies needing fast, reliable network services, 
the Xserve G5 seems like a dream machine, 
says columnist Ryan Faas. @ QuickLink 44489 


Securing Bluetooth Devices 
MOBILE/WIRELESS: The wireless standard is 
becoming increasingly popular, but it pre- 
sents unique security risks. 
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The Business Case for 

Software Reuse 

DEVELOPMENT: There’s a quick and simple 
way to explain the ROI benefits of reuse to 


management. @ QuickLink 44462 


Five Keys to Identity 


Management Success 

SECURITY: Michel Prompt, founder and CEO 
of Radiant Logic Inc., offers tips on planning 

and deploying identity management technol- 


ogy. @ QuickLink 44539 
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EDS, ee Try » 
Fix Intranet Rollout 


Electronic Data Systems Corp. 
announced a series of changes 
designed to “stabilize” the 
Navy/Marine Corps Intranet pro- 
gram and said it’s writing off 
$559 million worth of deferred 
costs related to the $6.9 billion 
contract. EDS has reorganized its 
N/MCI account team and is work- 
ing with the U.S. Navy to improve 
coordination and develop a more 
predictable rollout schedule. The 
company said the N/MCI write-off | 
and other charges led to a fourth- 
quarter net loss of $354 million. 


ti earn 


Check Point Warns 
Of Flaw in FireWall-1 


Check Point Software Technolo- 
gies Ltd. confirmed that a security 
flaw in its firewall software could 
be used to crash the product and 
might “allow further exploitation.” 
Redwood City, Calif.-based Check 
Point said the flaw poses a threat 
only to customers using the HTTP 
Security Server application proxy 
that comes with the FireWall-1 
tool. The company posted an up- 
grade to fix the problem. 
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Linux Group Seeks 
Entry to Data Center | 


In a bid to accelerate the use of 
Linux in data centers, Open Source 
Development Labs Inc. released a 
document outlining technical ca- 
pabilities that the operating system 
needs in order to run enterprise- 
class applications. The Beaverton, 
Ore.-based consortium, which in- 
cludes IT vendors and Linux users, 
listed and prioritized more than 
300 desired new features. 


Compuware Buys s 
Covisint’s Assets 


Compuware Corp. said it’s buying 
the assets of Covisint LLC, a 
Southfield, Mich.-based vendor of 
business-to-business tools for the 
automotive industry. Detroit- 
based Compuware didn’t disclose 
the purchase price. 


Little Increase in Fed 
_ IT Spending Proposed 


White House 
05 l r budget, 


BY DAN VERTON 


iINGTON 


HE WHITE HOUS! 
last week released 
the details of its pro- 
posed fiscal 2005 
IT budget, which is showing 
signs of increased strain amid 


| a ballooning federal deficit, 


the continued war on terror- 
ism and the urgent demands 
of homeland security. 

The Bush administration re- 
quested $59.8 billion for its 
governmentwide IT budget in 
fiscal 2005 — a trivial increase | 
from the current $59.1 billion —_| 
budget, with homeland securi- 
ty being the main growth area. 
While the IT budget for civil- 
ian agencies increased by a 
mere 1% and defense just 2% 
compared with this year’s, the 
Department of Homeland Se- 
curity’s proposed IT budget 
grew by more than 8%. 

Karen Evans, administrator 
for e-government and IT at 
the Office of Management and 
Budget and director of the fed- 
eral CIO Council, said that de- 
spite the meager increase out- 
side of homeland security, the 
IT budget is a “good-news sto- 
ry” that shows that govern- 
ment agencies are making real 
progress in IT management. 

The whole premise was to 
get agencies to look at their IT 
portfolios as a whole and pri- 
oritize, said Evans, referring to 
the guidance given to agency 
CIOs by the OMB. Another 
key intent of the process was 
to force agency CIOs to plan 
for common IT systems that 
can be used governmentwide. 

In fact, Evans said, agencies 
DHS that are about 
to move forward on human re- 


such as the 


—_— me } 


) arly-warning system 
att 44604 
www.computerworld.com 


| and enhancement 


asks for 8% more in DHS 
1%-2% for other 


agencies 


and financial manage- 
ment contracts must ensure 
that those programs and con- 
tractors are flexible enough to 
migrate to a common, govern- 
mentwide system once it has 
been selected. 

“We don’t want to stop 
something if they’re on the 
cusp of being successful. But 
we do want to make sure that 
it can marry up with the com- 
mon solution,” she said. 

Evans acknowl- 


sources 


| edged that security 


remains a key factor 
in determining how 
much new money 
agencies will have to 
spend on IT infra- 
structure develop- 
ment, modernization 


(DME). In addition 
to a cut of 5.66% in 
this year’s budget for 


KAREN EVANS 


says security drives 
federal IT budget 
Troe 


DME projects, agencies are 
being forced to first demon- 
strate that they have the ap- 
propriate security protections 
in place before they are al- 
lowed to deploy new systems. 
And money for security im- 
provements may have to come 


| out of DME funds at some 
| agencies, Evans said. 


Customs and border protec- 
tion, as well as initiatives 
aimed at port, transportation 
and immigration security, re- 
main driving forces behind the 
DHS IT budget increase. 

Of the $890 million added to 
the budget of the 
Transportation Secu- 
rity Administration, 
nearly 15%, or $131 
million, has been ear- 
marked for a DHS- 
wide strategy gov- 
erning access con- 
trol, real-time valida- 
tion of identities and 
the determination of 
access privileges at 
secure TSA sites. 
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2005 IT Budget 


@ Defense Department 


@ Homeland security 
(civilian agencies, 
excluding Commerce) 


Other 
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Also important to the DHS 
is a significant increase in 
money for the financial man- 


| - : 
agement goals of the massive 


new agency. The president’s 
fiscal 2005 budget proposal 


| nearly doubles funding for 
| the DHS’s E-Merge program 


to $81 million. The goal of 
E-Merge is to integrate and 
streamline the DHS’s finan- 
cial and acquisition man- 
agement systems across its 
22 federal departments. 


@ 44603 





Pentagon Drops Web Voting 
Plans for Military Personnel 


BY TODD R. WEISS 
The Department of Defense 
has decided, at least for now, 
to drop its efforts to give over- 
seas U.S. military personnel 
voting access over the Inter- 
net, because of concerns about 
the security of the system. 

In a Jan. 30 memo to David 
Chu, the undersecretary of 
Defense for personnel and 


readiness, Deputy Secretary of 


Defense Paul Wolfowitz wrote 
that “in view of the inability to 
ensure legitimacy of votes that 
would be cast in the SERVE 
Internet voting project, there- 
by bringing into doubt the in- 
tegrity of the election, I here- 


| by direct you to take immedi- 


ate steps to ensure that no vot- 
ers use the system to register 
or vote via the Internet.” 


The memo was released 
Thursday by a Pentagon 
spokesman who was asked 


| about the status of the contro- 


versial voting program known 
as the Secure Electronic Reg- 
istration and Voting Experi- 
ment, or SERVE. 


Not Dead Yet 


Wolfowitz wrote in the memo 
that “efforts will continue to 


| demonstrate the technical 


ability to cast ballots over the 
Internet.” He added that he 
might reconsider his decision 
“if it can be shown that the in- 
tegrity of the election results 
can be assured.” 

The Wolfowitz memo came 
nine days after four technolo- 
gy experts criticized SERVE in 
a 34-page report to the De- 


| quickly,” 





fense Department's Federal 
Voting Assistance Program 
(QuickLink 44219]. 

One of the writers of the re- 
port, Barbara Simons, a former 
president of the Association 
for Computing Machinery, said 
she’s pleased with the deci- 
“We're moving ahead too 
she said. “It’s possible 
in the foreseeable future that it 
will be safe to vote on the In- 
ternet, but it may never be.” 

One problem is that, unlike 
with paper ballots and voting 
machines, there’s no audit trail 
for online votes, so there’s no 
way to be certain whether 
votes are counted, Simons said. 

“Our great fear is that there 
will be a major move to Inter- 
net voting, which I personally 
feel is a threat to our democra- 


sion. 


| cy. The bottom line is we 


could have our president se- 
lected by [hackers in] Iran,” 


; Simons said. “We basically 


feel they are trying to solve 
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Oracle Challenges Microsoft in Low-End Database Market 


Cuts entry-level 
price of 10g to 
$4,995 per CPU 


BY MARC L. SONGINI 
Taking aim at Microsoft 
Corp.’s low-end database dom- 
inance, Oracle Corp. last week 
slashed the price of the entry- 
level version of its 10g soft- 
ware to slightly undercut the 
cost of Microsoft SQL Server. 
Oracle said the list price of 
the 10g Standard Edition One 
release has been reduced to 
$4,995 per processor, a $1,000 
drop from the company’s pre- 
vious low-end database pric- 
ing. In comparison, SQL Serv- 
er starts at $4,999 per CPU. 
Oracle also cut the price of 
its named-user license for 
Standard Edition One, which is 
designed for small businesses 
and departmental applications. 
In addition, it doubled the 
number of processors that the 
software can support to two. 
In a related move, Oracle 
said it will throw in its Real 
Application Clusters (RAC) 
technology at no extra charge 
for users of 10g Standard Edi- 


an impossible problem.” 

Polli Brunelli, director of 
the Federal Voting Assistance 
Program, wasn’t available for 
comment. 

While the military looks 
for a solution to the security 
problem, online voting is set 
to take place this week for the 
first time in the Michigan De- 
mocratic caucuses, according 
to Simons. That’s worrisome, 
she said, because “this is a 
much, much harder problem 
than trying to do commerce 


over the Internet.” @ 44605 


The bottom 
line is we 
could have our pres- 

ident selected by 


BARBARA SIMONS, 
FORMER PRESIDENT, ASSOCIATION 
FOR COMPUTING MACHINERY 


tion, another release that sup- 
ports up to four processors. 
The 10g databases were an- 
nounced in September and be- 
came available late last month. 

Oracle’s new pricing “is lev- 
eling the playing field, and the 
competition is not so much 
based on dollars as features,” 
said Kim Floss, a database ad- 
ministrator and president of 
the database-oriented Interna- 
tional Oracle Users Group in 
Chicago. The ability to run 10g 
Standard Edition One on two- 
processor servers is also a big 
gain for users, Floss said. 


Seeking Savings 

Pat Dues, project officer for 
the city manager’s office in 
Las Vegas, said the pricing 
moves should help Oracle 
compete against both SQL 
Server and IBM’s low-end 
DB2 offerings. 


PRICING CHANGES 
Oracle Database 10g Standard Edition One 


Named-user licenses* 


The Las Vegas municipal 
government next year plans to 
upgrade to the upcoming Ver- 
sion lli.1 of Oracle’s E-Busi- 
ness Suite of business applica- 
tions and add new modules, 
such as its project manage- 
ment software. Dues said she 
will consider using the new 
database pricing to cut costs 
as part of the upgrade process. 

“We think it’s a very posi- 
tive announcement,” she said. 
“Everybody wants to look at 
Ways to save money.” 

Chuck Phillips, one of Ora- 
cle’s two presidents, said in a 


EMC Upgrades Symmetrix 
As Part of Storage Overhaul 


BY LUCAS MEARIAN 
EMC Corp. today plans to an- 
nounce upgrades of all of its 
disk arrays and network-at- 
tached storage (NAS) devices, 
as well as some of its key stor- 
age management applications. 

The rollout includes the 
second generation of EMC’s 
high-end Symmetrix DMX ar- 
rays, which debuted last Feb- 
ruary. Raw storage capacity 
remains unchanged at 84TB, 
but EMC said it increased the 
speed of the processor built 
into the arrays to 1 GHz, dou- 
bled the amount of cache 
memory to 256GB and added 
15,000 rpm Fibre Channel disk 
drives. That’s double the 
throughput of the lGbit/sec. 
drives EMC previously used. 

EMC is also introducing an 
NS700 NAS device with a file 
server head that can be re- 
moved and used as a gateway 
between servers and storage- 
area networks, in addition to 
upgraded models of its Clari- 
ion midrange arrays. 

The new hardware and soft- 


ware supports EMC’s emerg- 
ing information life-cycle 
management (ILM) strategy, 
which is designed to provide 
tools that can automatically 
migrate data to different types 
of storage devices and manage 
it from creation to deletion. 
Ohio Savings Bank recently 
installed about 30TB of tiered 
storage capacity from EMC as 
part of an ILM architecture. 
CTO Jo Ann Boylan said the 
bank uses Symmetrix DMX for 
primary data storage, Clariion 
CX600 arrays for secondary 
storage, Celerra file servers for 
sharing files, and Centera 
Compliance Edition devices 
for archiving information. 
Although the storage infra- 
structure isn’t being automati- 
cally managed, Boylan said 
storing data on different me- 
dia according to the impor- 
tance and age of the informa- 
tion is expected to save the 
bank millions of dollars. “We'll 
get huge lift out of this in how 
we manage storage,” she said. 
Matt Speare, director of IT 


AY Lhe Ms ims 


SYR lean ae ae 
$149 per user 


meeting with analysts two 
weeks ago that the company 
planned to take on Microsoft 
aggressively in the low-end 
market [QuickLink 44394]. 
Che new pricing was de- 
signed to be “extremely com- 
petitive,” said Jacqueline 
Woods, vice president of glob- 
al practices, pricing and li- 
censing strategy at Oracle, in 
an interview last week. Woods 
said 10g also comes with a 
simplified management inter- 
face, and she noted that the 
RAC technology wasn’t even 
availabie ‘or the Standard 


infrastructure and security, 
added that the bank now also 
has a single, enterprisewide 
view of its storage architecture. 
EMC said one of the key 
ILM-related upgrades being 
announced this week is the 
addition of support for the 
Storage Management Interface 
Specification to its manage- 
ment software. SMI-S is a set 
of common models and proto- 
cols designed to let storage 
management applications con- 
trol storage devices made by 
different hardware vendors. 


More New 
Products 


CENTERA: EMC's disk array for 
archiving e-mail and other fixed 
data now includes mainframe 


CONTROLCENTER: The upgrad- 
ed storage management s 

can view EMC's NAS device 

they were part of aSAN 


AUTOSWAP-: It works in con- 
junction with EMC's Symmetrix 
Remote Data Facility software to 
migrate data between main- 
frames and Symmetrix arrays 
without disrupting applications 
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Edition release before. 

Tom Rizzo, director of SQI 
Server product management 
it Microsoft, downplayed the 
pricing moves. Even if Oracle 
lowered the price of its data- 
base to nothing, the mainte- 
nance and support costs 
would still outweigh the cost 
of running SQL Server, Rizzo 
claimed. “What about report- 
ing, OLAP and data mining? 
That’s all included in SQI 
Server,” he added. 

List prices are “relatively 
unimportant” because data- 
base vendors typically offer 
discounts to users, said Mike 
Schiff, an analyst at Current 
Analysis Inc. in Sterling, Va 
What really counts is the an- 
nual cost of maintaining the 


software, he noted. @ 44578 
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QuickLink 44583 
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EMC is adding SMI-S compli- 
ance to Symmetrix models 
that date to 1997 and to Clari- 
ion arrays from 2000 on, said, 
Chuck Hollis, its vice presi- 
dent of platform marketing. 

Peter Gerr, an analyst at En- 
terprise Storage Group in Mil- 
ford, Mass., said SMI-S sup- 
port is important for EMC be- 
cause some of its top storage 
rivals have already announced 
compliant products. 

Gerr added that he’s im- 
pressed by EMC’s ability to 
choreograph a complete prod- 
uct relaunch while it absorbs 
three major software vendors 
it has either bought or agreed 
to acquire since July. 

“Anyone who thought their 
binge of software acquisitions 
was going to distract them 
from their bread-and-butter 
business of selling world-class 
storage systems is wrong,” he 
said. “This reinforces the fact 
that they’re still a storage 


company.” @ 44597 
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HP Agrees to Buy 
Tools Vendors . . . 


Hewlett-Packard Co. is buying 
management tools vendors No- 
vadigm Inc. and Consera Soft- 
ware Corp. HP plans to combine 
Novadigm’s automated systems- 
configuration management soft- 
ware and Consera’s IT resources 
mapping tools with its OpenView 
product line. It will pay about 
$122 million for Mahwah, N.J.- 
based Novadigm. Terms of the 
deal with Bellevue, Wash.-based 
Consera weren't disclosed. 
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_..and Renews IT 
Deal With Nokia 


In other HP news, the company 
said it has tentatively agreed to 
renew and expand an IT out- 
sourcing contract with Nokia 
Corp. that was signed in Sep- 
tember 2001. The deal is being 
extended by five years, to 2009. 
HP manages global IT infrastruc- 
ture operations for Nokia, which 
last month agreed to outsource 
its desktop systems and some of 
its help desk operations to IBM. 


2D RS MeN RE ERE aeRO 


Microsoft Patches 
IE Security Flaws 


Microsoft Corp. released a soft- 
ware patch to plug three security 
holes in its Internet Explorer Web 
browser. The company said it is- 
sued the update outside of its 
monthly patch cycle because of 
the seriousness of the flaws. The 
update includes an antiphishing 
change, plus fixes for vulnerabili- 
ties that could let attackers run 
malicious code on computers. 


Sun Adds Apps 
For Solaris on Intel 


Sun Microsystems Inc. intro- 
duced a version of its StarOffice 
7 desktop applications suite for 
use on Intel-based systems run- 
ning the Solaris operating sys- 
tem. The company said it plans 
to release a full set of its Java 
Desktop System software for So- 
laris x86 later this year. 


NEWS 
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‘loyota Scours Hyperion 
Beta Before ... 


... it rolls out the final release late this month. “We’ve been testing the 
[Hyperion Performance Suite] beta since October,” says Mike Burkes, 
data technology manager at Toyota Motor Sales USA Inc. in Torrance, 
Calif. “We’ve thoroughly tested it for three or four thousand hours because 
the business applications that use it are so important.” In two weeks, 
Sunnyvale, Calif.-based Hyperion Solutions Corp. will announce the 


general availability of Version 8.2 of the 
business intelligence software it acquired 
with Brio Software Inc. last fall. The new 
version adds full support for Linux, guid- 
ed analysis, dashboard features, Web ser- 
vices hooks and integration with unstruc- 
tured data. Burkes appreciates those fea- 
tures but is mostly jazzed by the improved 
management and performance, which are vi- 
tal for culling through data that’s updated 
with 10 miilion transactions per day. 
Burkes says that with 8.2, he’ll be able to 
consolidate the software on fewer 
servers, yet still be able to handle the 
end-of-month spikes in demand. Burkes 
also likes the distrib- 
uted administration 
features. “We don’t 
have to manage user 
roles because business 
units will be able to set 
them up,” he says. Al- 
though only one execu- 
tive among the 2,700 
users of the software 
within Toyota is testing 


| Web I can put in the dashboard.” Even, 

| he admits, data from competing business 
| intelligence software from the likes of 

| Cognos Inc. and Actuate Corp. ® Toyota 


honchos may need to minimize their 


| dashboards sometime in the near future 
| if they join online conferencing sessions 


run by Raindance Communications Inc. 
Later this quarter, the Louisville, Colo., 
conferencing service provider will unveil 


| its updated service, code-named K2, which 
| will include interactive video. The Meeting 


Eset LLC in Coronado, Calif., will an- 
TR Ri LSU Urls Aes 
NOD32 Remote Administrator, which 
lets systems administrators install or 
update thousands of NOD32 antivirus 
programs on PCs across a LAN or 
WAN. The antivirus software can 


Edition will be able to handle dozens of 
users during a single session. K2’s tight 
integration with audio means that video 


will automatically shift | 


to the speaker. Or a 
participant can hold 
the video on a single 
person, either the 
best-looking or, most 
likely, the most senior 
attendee, says Todd 
Vernon, Raindance’s 
chief technology offi- 
cer. “Video gives you 


the product’s dash- 
board, Burkes calls it “a 
big deal” because “any- 


scan up to 5,800MB of executable 

Li Cee clase MMMM Cee Ceti te 
Ste mM TURIN! plist. g 
licenses and starts at $261. 


nuance,” he maintains. 
“So, you'll know when 
to stop talking if the 
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Although Vernon acknowledges that the 


| combination of video with voice has been 
| slow to catch on since AT&T introduced 

| the notion at the 1964 World’s Fair, he 

| thinks improvements in the technology 

| and the difficulty of business travel in 

| this post-9/1l world change the equation. 
| “Besides, it’s pretty freakin’ valuable to see 

| someone on video,” he exclaims. ® It’s likely 


you'll be seeing many more Web services 


| applications this year. Ed Horst, vice 


president of marketing at AmberPoint 
Inc. in Oakland, Calif., brags that his com- 


| pany had its best financial period ever in Q4 


of last year and he says the current fiscal 
quarter will beat that. The Web services 
management company hopes that the 


| shipment later this month of AmberPoint 
2004 Release 1 will spur even more sales. 
| The updated software is designed to let 


you monitor Web services applications 
from the start of their HTTP traffic 
through all the XML and SOAP transac- 


| tions. It also adds a T-filter agent, which 
| prevents data in packets from being altered 
| and manages UDDI registration. And the 


update adds IBM WebSphere server sup- 
port to its Tomcat and .Net offerings. 
Pricing starts at around $50,000. ® “An 
e-commerce Web site is the most complex 
technical system on the planet,” argues 
Steve Kusmer, CEO of Atomz Corp. in 
San Bruno, Calif. Perhaps. But even if 
you think they’re a snap to deploy, you 
should take a gander at Atomz’s updates 
to the hosted Web commerce operations 


| the company sells. The improvements 
| include a guided shopping capability 


that speeds buyers’ navigation to online 


| offerings and a new content-management 

| engine that propagates changes in one 

| area of a Web site to all related sections. 
And it’s pretty fast, Kusmer boasts. The 


search engine can handle 400 searches per 


| second, he claims. The new services get 
| turned on this week. @ 44586 


thing I can put on the 


BY MATT HAMBLEN 

Sprint Corp. and IBM last 
week announced a five-year, 
multibillion-dollar call center 
outsourcing deal and said 
they’re also working together 
to offer Sprint’s network ser- 
vices to corporate users. 

For example, Sprint said it’s 
investing about $100 million to 
adopt IBM’s Service Provider 
Delivery Environment (SPDE) 
technology architecture, a set 
of products and services de- 


| signed to help IT managers 
| develop secure real-time mo- 


bile access to e-mail systems 


| and other corporate applica- 


tions. Sprint’s adoption of 


| SPDE will let the telecommu- 
| nications carrier provide mo- 
| bile data access via its Sprint 


PCS wireless network and its 
voice and data networks. The 


| biggest market need is giving 


mobile users secure access to 


| sales force automation appli- 


cations, Sprint President Len 


| Lauer said at a press briefing. 


Sprint and IBM have been 


| working on SPDE for several 


months and are deploying 


boss is looking bored 


Sprint, IBM Combine on Network Services 


| IBM middleware on a range of 
| mobile devices at early adopter 
| sites, said Terry Yu, vice presi- 
| dent of product management 


and development at Sprint. 


| Prior to the SPDE collabora- 
| tion, the two companies 
| worked with the Air Force 


Materiel Command's logistics 
center at Hill Air Force Base 
in Ogden, Utah, to deploy 
Pocket PC devices for wireless 
access to e-mail and calendar 
functions [QuickLink 38340]. 
The $100 million investment 


| in SPDE is small compared 


‘ 





| with the cost of Sprint’s con- 
sumer call center outsourcing 
| 


deal with IBM. But the SPDE 
plan is “strategically impor- 


| tant” to Sprint in its battle 


with other carriers for corpo- 
rate users, said Lisa Pierce, an 
analyst at Forrester Research 


| Inc. “This move will help 
| them get into the largest com- 
| panies,” she said. 


IBM will manage 22 Sprint 
call centers and the IT sys- 
tems that support them as part 
of the agreement. Lauer said 
Sprint expects the deal to low- 
er its customer service costs 
by $550 million over the next 


three years. @ 44581 











Can your network turn 
business as we know it into 
“-business.as we want it? 
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KEY NEW FEATURES 


IBM Shows Strength in Eclipse 30 


Numbers at EclipseCon 


Conference draws over 200 companies, 
but IBM’s presence at event looms large 


BY CAROL SLIWA 


BM OFFICIALS said the 

turnout for last week's in- 

augural EclipseCon 2004 

exceeded their expecta- 
tions by drawing 634 paid at- 
tendees from 226 companies 
and 23 countries. 

But while that may reflect 
the broadening in- 
terest and, in some 
cases, even enthu- 
siasm that some 
dev elopers have 
for the open- 
source Eclipse 
platform, tools and plug-ins 
that IBM created, there also 
was no doubt which company 
maintained the heaviest pres- 


f 


ence at the event. 

IBM employees easily out- 
numbered the contingent that 
any other company sent to 
EclipseCon. The company’s 
127 paid attendees represented 
20% of the total. And there 
may have been more, since the 
figures reflect only paid atten- 
dance, a spokeswoman said. 

“It just still shows no matter 
what, especially in the begin- 


weigi 1e SWT vs 
Swing debate. Page 36 


ning, that IBM is still going 
to be the primary driver of 
Eclipse as far as where it’s go- 
ing,” said Thomas Murphy, an 
analyst at Stamford, Conn.- 
based Meta Group Inc. 

Murphy said he’s interested 
to see how new board mem- 
bers influence the direction of 
Eclipse as its management or- 
ganization transi- 
tions to an inde- 
pendent entity and 
how closely they 
will follow stan- 
dards produced by 
the Java Communi- 
ty Process (JCP) that Sun Mi- 
crosystems Inc. established to 
evolve Java technology. 

But several of the 58 mem- 
bers of the newly independent 
Eclipse management organiza- 
tion said they were pleased to 
see IBM relinquish control of 
Eclipse, are convinced that 
IBM is committed to open de- 
velopment and expect to play 
an influential role in setting 
Eclipse’s direction. 

David Mercer, CEO of Scapa 
Technologies Ltd. in Edin- 
burgh, said his 25-person com- 


Petreley 
S 


Lee Nackman, vice president 
of desktop development tools 


| pany has expertise in testing 


and performance tools and 
was welcomed by IBM and 
other large vendors. 

“We're setting up a test and 
performance infrastructure for | 
Eclipse upon which test tools 
will be built,” he said. “We're 
running this project, and we’re | 
a small company. Quite clearly, | 
IBM could just come in, but 
they haven’t done that.” 

But IBM clearly wili still be 
a major force behind Eclipse. 


and chief technology officer of | 
IBM’s Rational software divi- 
sion, said the company has no 
plans to cut back on its com- 


| mitment now that more ven- 


dors will be sharing the man- 
agement load. 

“Eclipse is really important 
to IBM. I’m basing my whole 
tool product line on the 


| Eclipse technology. This is not 


a game for us,” Nackman said. 
He noted that some of the 
IBM attendees at last week’s 
conference were part of the 
Eclipse development team and | 
others are developing IBM 
products that use Eclipse. 
Beyond the IBM employees 
and Eclipse members, the gen- 


Sun Official Delivers Conference Keynote 


ANAHEIM, CALIF 


Sun Microsystems is one of the 
prominent Java vendors that de- 
cided not to participate in the 
newly independent, nonprofit 
corporation that rival IBM spun 
off to manage the open-source 
Eclipse development framework 
it created. 

But that decision didn’t stop 
Sun from accepting an invitation 
to speak at the inaugural Eclipse- 
Con here. Simon Phipps, Sun's 
chief technology evangelist and a 
former IBM employee, noted that 
a conversation with one of his 
former colleagues led to the 
speaking engagement. “I'm here 


really because there's no ax to 
grind between Sun and Eclipse,” 
Phipps told more than 250 con- 
ference attendees. 

The Sun official steered clear 
of controversy during the main 
portion of his keynote, preferring 
to focus on the history of open- 
source software development 
and draw comparisons to the rise 
of craft guilds prior to the indus- 
trial revolution. But when he 
opened the floor to questions, he 
got the one he anticipated. 

Phipps told the group that Sun 
“might very weil” join Eclipse, if 
the conditions that originally 
caused the company to decline 


the invitation have changed. Sun, 
in a statement issued days be- 
fore the EclipseCon kickoff, said 
the “sticking points” were busi- 
ness-related, not technical. 
Sun's commercial tools are 
based on its NetBeans open- 
source development environ- 
ment, and the company, in its 
statement, objected to what it 
called “the required mandatory 
transition to the Eclipse platform” 
that it claimed it would have to 
make by joining the organization. 
But Lee Nackman, vice presi- 
dent of desktop development 
tools at IBM, said no such re- 
quirement exists, so he sees no 


ALLOWS developers to embed 
Swing components and Abstract 
Window Toolkit widgets within a 
user interface built on Eclipse’s 
Standard Widget Toolkit. Swing/ 
AWT interoperability is supported on 
Windows; Linux work is ongoing. 


INTRODUCES Rich Client Plat- 
form, which allows developers to 
use a subset of the Eclipse develop- 
ment tool platform to build applica- 
tions that aren't integrated develop- 
ment environments, such as busi- 
ness applications with a Windows- 
based graphical user interface. 


| eral attendees showed keen in- 
| terest in new features in the 


Eclipse 3.0 release that’s due 
to be finalized in June. 

One feature that caught the 
attention of several confer- 
ence attendees was the work 


| done to allow Swing compo- 

|} nents and Abstract Window 

| Toolkit (AWT) widgets to be 

| embedded in an interface built 


on Eclipse’s Standard Widget 
Toolkit (SWT). Swing and 


| AWT, which are used to build 
| graphical user interfaces, were 
| endorsed by the JCP. But IBM 
| broke ranks when it intro- 


duced its SWT widgets. IBM 


| officials said Swing/AWT in- 


teroperability is solid now on 


| Windows, but there’s still 
| more work to do on Linux. 


reason why Sun won't join in. 

Although Phipps didn’t rule out 
the possibility, he also said that it 
would be best for the Java com- 
munity if the newly independent 
Eclipse organization joined the 
Java Tools Community that 10 
vendors - led by by Sun, Oracle 
Corp. and BEA Systems Inc. - 
forged last month. 

“Then all the vendors that 
make Java tools would be able 
to get together and solve our 
shared problems,” he said. 

Phipps said he would also love 
to see Eclipse explore the possi- 
bility of participating in the JCP 
that Sun established to evolve 
Java. 

- Carol Sliwa 


RCP significantly reduces the 
amount of code a developer needs 
to write to build the user interface. 
PROVIDES new ways to customize 
the Eclipse workbench user inter- 
face to show only the subset of func- 
tionality a certain developer or set of 
developers may need. 


IMPROVES the responsiveness of 
the user interface by allowing opera- 
tions such as builds and searches to 
run asynchronously in the back- 
ground, so users don’t have to wait 
for long operations to finish. 


Rich Main, director of Java 
development environments at 


| SAS Institute Inc., said the 

| company’s goal is to port its 

| AppDev Studio tool to Eclipse. 
| But he noted that SAS has de- 
veloped a large set of Swing 


components and it would be 
too expensive to reimplement 
them on SWT. 

John Repko, a computer en- 


| gineer at the Naval Undersea 
| Warfare Center in Newport, 

| R.L, said he needs to make 
sure that commercially avail- 
| able Swing-based map appli- 
| cations will run in an Eclipse 
| application. “Not having to 


write that ourselves is impor- 


| tant,” he said. 





Another new feature in 


| Eclipse 3.0 that developers 


flocked to hear about in pre- 


| sentations was the Rich Client 


Platform, which will signifi- 
cantly reduce the amount of 


| ; Z 
code needed to write graphi- 


cal user interfaces. The 


| Eclipse RCP effort is intended 


to enable developers to build a 
wide range of business appli- 
cations — not just integrated 


| development environments. 


A developer at a defense 
contractor who asked not to 


| be identified said that his 


company doesn’t currently use 
Eclipse and that the technolo- 
gy’s security isn’t as mature as 


| he had hoped it would be. He 
| said he is also concerned 


about the learning curve but 
expects to recommend Eclipse 
to his company “because any 
other way we’d go, we’ve have 
to start from scratch.” @ 44611 
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Great Moments at Work. 


Introducing the new Microsoft Office System. 


_ Now users can do more for themselves so you can 

_ focus on the important things. That's because with 
the Microsoft® Office Project Server and Project 

Professional 2003, users have visibility into all of their 

projects, including integrated costs from business 
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Novell Names SUSE 
CEO to Europe Job 


Novell Inc. appointed Richard 
Seibt, head of its recently ac- 
quired SUSE Linux business unit, 
to take over as president of the 
software vendor's European oper- 
ations. Seibt, who was CEO of 
SUSE Linux AG prior to its acqui- 
sition by Novell, will be responsi- 
ble for ali day-to-day operations 
in Europe. He replaces Gerard 
Van Kemmel, who was named 
chairman of European operations. 


Federal Agencies 
Appoint New ClOs 


Two federal agencies named new 
CiOs. The Department of Veterans | 
Affairs tapped Robert McFarland, 
formerly head of government re- 
lations at Dell Inc., to be its assis- 
tant secretary for IT and ClO. And 
the Export-Import Bank of the 
U.S. said Fernanda Young will 
take over as its CIO today. She 
held a similar job at the Federal 
Energy Regulatory Commission. 


Cisco Reports 15% 
Revenue Gain. . . 


Cisco Systems Inc. reported a 
15% year-over-year increase in 
revenue for its second quarter, 
which ended Jan. 24. Profits fell 
27% but would have risen if not 
for a $567 million charge. Cisco 
said component supply problems 
that hurt shipments early in the 
quarter have largely been fixed. 
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_.. And Warns of 
Software Flaw 


Cisco also issued an advisory 
about a software vulnerability 
that affects some configurations 
of its 7600 series routers and its 
Catalyst 6000 and 6500 switch- 
es. The flaw could be used to 
freeze the devices or for denial- 
of-service attacks, said Cisco, 
which posted upgrades to fix it. 


Extreme Switch Boosts 


Power at Network Edges 


Device includes Gigabit Ethernet ports 
and support for l1OGbit/sec. connections 


BY MATT HAMBLEN 
XTREME NETWORKS 
Inc. last week an- 
nounced a switch for 
use in wiring closets 
at network edges. It’s the first 
device of its kind to provide 
two 10 Gigabit Ethernet up- 
links to core networks, accord- | 
ing to analysts. 

In addition to the optional 
10 Gigabit Ethernet connec- 
tions, the Summit 400-48 
switch includes 48 ports that 
each support up to Gigabit 
Ethernet transmission rates to 
desktop PCs and servers, said 
Varun Nagaraj, vice president 
of product management at Ex- 
treme in Santa Clara, Calif. 

Installing the switches will 


| help companies “eliminate up- 


grade cycles” as IT managers 


Mobile Software Gets | 
Pocket PC Support | 


| Provident, the largest disabili- 
ty insurer in the U.S., plans 


BY BOB BREWIN 

Good Technology Inc. last 
week announced a version of 
its messaging and remote data 
access software that supports 
handheld devices running Mi- 
crosoft Corp.’s Pocket PC op- 
erating systems, as well as 
hardware from palmOne Inc. 
and Research In Motion Ltd. 

Release 3.0 of the GoodLink 
software also supports the Ad- 
vanced Encryption Standard 
(AES) and will be bundled 
into Good Technology’s own 
line of handheld computers, 
said Susan Forbes, vice presi- 
dent of product marketing at 
the Sunnyvale, Calif.-based 
company. 

Earlier GoodLink versions 
primarily supported delivery 
of corporate e-mail to wireless 
devices. But GoodLink 3.0 can 
work with the Pocket PC ver- 


| at faster speeds, Nagaraj said. 


| connections to the desktop is 
| limited now but is growing 
| among power users and IT 
| shops that want to connect 


| IDC analyst Abner Germanow. 
| He added that Extreme is the 

| first vendor he knows of to of- 
| fer an edge switch with dual 

| 10 Gigabit Ethernet ports. 


| North Bronx Healthcare Net- 


| said he plans during the next 


| combination will provide “a 

| laptop experience” to users of 
| Pocket PC-based handhelds 

| and smart phones, she added. 


| what Forbes 

| called “zero- 

| touch” provision- 
| ing of Microsoft 


look to push data to desktops 


The number of companies 
that need Gigabit Ethernet 


systems in server farms, said 


Daniel Morreale, CIO at 
work (NBHN) in New York, 


five months to install up to 20 
Summit 400-48 devices, fol- 
lowing a successful two-week 
test of two switches — one 
within the IT department and _ | 





sions of Microsoft's Office ap- 
plications, Forbes said. The 


By midyear, GoodLink 3.0 


will also support k 


applications for 


| mobile users. ' 
: 


That feature will 
let IT managers 


| push applications 


to end users over 


| wireless networks, 


eliminating the 


| need to physically 


load the software 
at a central loca- 


| tion, she said. 


In addition to the 


NEW HARDWARE 


Summit 400-48 


Includes 48 Ethernet ports 
with 10/100/1,000 Base-T 
transmission capabilities, 
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Starts at $9,995, 
plus $7,995 for the 10 Gigabit 
mut 


| another that supported a pa- 
| tient-care unit. 


“They're working wonder- 


| fully, being used for intense 

| bandwidth needs such as ob- 

| stetrics and cardiac imaging,” 
| he said, adding that the use of 


the switches “has been trans- 


product rollout, Good Tech- 
nology announced that it has 
signed on three new users, in- 


cluding UnumProvident Corp. 


in Chattanooga, Tenn. Unum- 


to roll out GoodLink 3.0 and 


| about 300 of Good Technolo- 
gy’s G100 handhelds to its 

| sales force and senior execu- 
| tives over the next 12 months. 


Brent Rogers, senior vice 
president of IT at Unum- 
Provident, said his staff 


with GoodLink — found GoodLink rela- 


tively easy to install 


and support as part of 


a test deployment. 
“It’s very simple 
from a support point 
of view,” he said, not 
ing that the installa- 
tion required only 

the addition of an 
Intel-based system 
that runs Good- 
Link’s server soft- 
ware component 
and handles traffic 
between the mobile 
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parent” to IT managers as well 
| as end users. 
| Morreale started installing 


| nearly 150 Extreme switches 
| and routers in September to 

| replace 7-year-old gear from 

| Cisco Systems Inc. The 

| changeover came after NBHN 
decided to upgrade its net- 
work to support a 10 Gigabit 
Ethernet core. “I started doing 
pricing on the upgrade, and it 
came down to Cisco and Ex- 
treme, but Extreme was signif- 
icantly lower in cost,” Mor- 
reale said, though he declined 
to disclose specifics. 

The research group at the 
University of Pittsburgh’s 
School of Information Sci- 
ences in Oakland, Pa., is also 
testing a Summit 400-48. The 
| device is installed in a re- 
search network over which 
| entire file systems are trans- 
| ferred, said Mark Steggert, the 
school’s systems manager. 

“Our research users have 
| never encountered a network 
| fast enough for them,” Steggert 
said jokingly, adding that the 
| new switch should help meet 
performance demands at a 


cost-effective price. @ 44573 


devices and UnumProvident’s 

| Outlook e-mail server. 

Although UnumProvident is 

initially using GoodLink only 

| for e-mail, Rogers said the 
company plans to broaden its 

use of the technology. He 

| added that he thinks Good- 

| Link provides more capabili- 

| 





| ties and adaptability than rival 
| products, such as Research In 
| Motion’s BlackBerry family. 

| Other new features in 

| GoodLink 3.0 include support 
| for viewing attachments such 
| as Adobe Acrobat files or Mi- 
| crosoft Excel spreadsheets 

| on handheld devices, plus an 
| e-mail in-box that’s much like 
those found on laptop-based 
messaging systems. 

| Incorporating support for 

| AES into the software should 
| meet the demands of hand- 

| held users for stronger data- 
encryption capabilities, said 

| Craig Mathias, an analyst at 
Farpoint Group in Ashland, 
Mass. “AES is very secure, and 
in the future, it’s going to be 


essential,” he said. @ 44606 








‘Gateway’ servers are the 
no-risk policy for the 
California Department 
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SO ies setae Reta Gateway because in the 
end, it all comes down to support and cost. 
With Gateway we get the best of both.” 
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California Department of Insurance 


Gateway listened to the problems facing the California Department of 
Insurance. Their 14,000 employees said e-mail was fast becoming the 
most vital communication method for agents, companies, and the 
public. However, their e-mail system was outdated. 


The solution? Three sets of clustered servers to deliver faster response 
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while providing high system uptime. 


Now they have an e-mail system that delivers increased productivity 
and reliability with only 9 servers—instead of 14. 


To find ‘out why our server and storage technology 
is a better business policy, call your Gateway 
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Gateway” 975 Series 


2U, High-Availability Server 
* Dual Intel” Xeor 
* Up to 12GB PC2100 E 

Six 64-bit PCI-X S 


Gateway” 840 Serial-ATA Gateway Technology 

RAID Enclosure Lifecycle Services 

2U Rack optimized Storage Chassis Gateway can support your technology 

* Scales up to 2TB for under $6,000 needs, no matter where your agency is 
or 3TB for under $7,200 in the tectinology lifecycle. 


* Hot-swappable SATA 7200 RPM Hard Drives atom 
* Integrated SATA RAID Controller Award-Winning Gateway 


¢ 3-Yr. Parts/Labor Limited Warranty/ Customer-Centric Support 


3-Yr. Next Business Day On-Site! Gateway has teamed with IBM® Global 
Services to provide phone and next 


: business day, 4-hour, and 2-hour 
$3,999.00 4 a. on-site support. ! 


d Warranty 
On-Site! 
FCC Class A Compliant? 


$2,199.00 


Call: 877-878-3256 


Go to: www.gateway.com/corp/cmpwrd 
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Users Tout Advantages of 
PLM Despite 


Faster time to market, lower costs cited 


BY JAIKUMAR VIJAYAN 


ESPITE THE chal 
lenges, implement- 
ing a product life- 
cycle management 
capability can give manufac- 
turing companies a competi- 
tive edge in a recovering econ- 
omy, said users at a confer- 
ence organized here last week 
by PLM software vendor Ma- 
trixOne Inc. 
The benefits include faster 
time to market, lower costs 
and more component and 


Mydoom Lesson: Take Proactive 
Steps to Prevent DDoS Attacks 


But putting up an 
adequate defense 
can be expensive 
BY JAIKUMAR VIJAYAN 

Dealing with a distributed de- 
nial-of-service attack such as 
the one that took down The 
SCO Group Inc.'s Web site last 
week continues to be a major 
challenge for companies, secu- 
rity experts said. 

But several options are 
available to at least help allevi- 
ate the pain for those that be- 
come targets, they added. 

A DDoS attack typically in- 
volves thousands of compro- 
mised “zombie” systems send- 
ing torrents of useless data, or 
requests for data, to targeted 
servers or networks. 

The SCO attack, for in- 
stance, was launched using 
systems that had previously 
been infected by the Mydoom 
virus [QuickLink 44483]. The 
virus contained code that in- 
structed thousands of infected 
computers to access SCO’s 
Web site at the same time, ren- 


technology reuse, they said. 

But the complex integration 
and customization issues that 
have long scared users off 
large PLM deployments con- 
tinue to be substantial obsta- 
cles, they added. 

“PLM is all about revenue 
growth,” said Glen Waisner, 
president of The Hayes Co., a 
manufacturer of lawn and gar- 
den equipment in Valley Cen- 
ter, Kan. 

The company, whose clients 
include big-name retailers 
such as Wal-Mart Stores Inc. 


dering it inaccessible to legiti- 
mate users. 

Stopping the flood of traffic 
can be very difficult because 
it’s coming from so many 
sources, said Bruce Schneier, 
president of Counterpane In- 
ternet Security Inc. in Moun- 
tain View, Calif. 

“From a philosophical per- 
spective, if the attacker’s pipe 
is bigger than the defender’s 
pipe, the attacker can always 
knock out the defender,” said 
Schneier. 

There are several approach- 


Dealing 
With DDoS 


= Have extra network band- 
width and server headroom to 
handle sudden traffic spikes. 

= Have multiple, geographically 
dispersed servers for handling 
the load. 

« Contractually require service 
providers to offer DDoS mitiga- 
tion guarantees. 








Diffic 


and Target Corp., re- 
cently implemented 
a PLM capability in 
a bid to gain better 
control over a cha- 
otic product-devel- 


| opment process. 


PLM has led to 
much better visibili- 
ty into Hayes’ prod- 
uct-development 
process and has en- 
abled product col- 
laboration across 
multiple departments and | 
with its major suppliers, some | 
of which are based overseas, 
said Waisner. As a result, 


es companies can take to pre- | 
pare for attacks such as this, 
said Paul Mockapetris, inven- 
tor of the Internet’s core Do- 
main Name System and chair- 
man of IP address manage- 
ment vendor Nominum Inc. in 
Redwood City, Calif. 

One is to set aside extra net- 
work bandwidth and server 
processing capacity to with- 
stand sudden surges in traffic, 
he said. Another is to “retreat 
from your domain name” and 
essentially park your Web site 
at another address while the 
attack plays out, he said. 

Geographically distributing 
Web servers is another ap- 
proach worth considering, 
Schneier said. That way, even 
if one server or network seg- 
ment is taken down by an at- 
tack, normal traffic can be 
redirected to other servers. 

But putting in place extra 
server processing capacity to 
handle DDoS attacks can be 
expensive and is likely to 
make sense only for larger 
companies, Mockapetris said. 
“There’s a bit of a digital di- 
vide when it comes to the abil- 





The Hayes Co.’s 
GLEN WAISNER 
says, “PLM is all 
Ellen ac uty 
Plena ae 


ties 


Hayes this year will 
manufacture 1,800 
distinct products, 
compared with 500 
last year. Some of 
those will be cus- 
tom-made for indi- 
vidual clients. 

For Invensys Rail 
Systems, implement- 
ing PLM has been 
about “efficiency im- 
provement,” said 
Ceri Gosling, CIO of 
the Wiltshire, U.K.-based 
manufacturer of rail automa- 
tion and signaling systems. Al- 
lowing designers, engineers, 


ity of companies to defend 
themselves against these at- 
tacks,” he said. 

“The long-term answer to 
DDoS protection has to be in 
the [service provider] net- 
works and backbones,” said 
John Pescatore, an analyst at 
Stamford, Conn.-based Gart- 
ner Inc. That’s because up- 
stream service providers are 
in a better position to detect 
and choke off traffic directed 
at a specific IP address, said 
Schneier. 

As a result, it’s a good idea 
to require service providers to 
offer some sort of guarantee 
against DDoS attacks, said 
Schneier. Gartner has in fact 
been advocating this for more 
than two years, urging users to 
include DDoS protection lan- 
guage in their service-level 
agreements with Internet ser- 
vice providers and data center 
hosting companies. 

But less than 1% of compa- 
nies overall are buying such 
services, Pescatore said. “Most 
enterprises say, ‘It isn’t raining, 
so the roof isn’t leaking. Why 
fix it?” he said. @ 44596 


MORE ONLINE 


For additional stories on this topic, visit our 
Security Knowledge Center 
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and procurement and market- 
ing teams to work collabora- 
tively on product develop- 
ment has led to better pur- 
chasing decisions, lowered 
product-recall costs and en- 
abled better workflow be- 
tween commercial and techni- 
cal teams, Gosling said. 

GE Consumer & Industrial 
in Plainville, Conn., has ex- 
tended PLM beyond physical 
products and is using the con- 
cept to manage commercial 
documents such as invoices 
and purchase orders, as well 
as tax-filing systems, said CIO 
Stuart Scott. The company 
has put in place a massive col- 
laborative environment called 
My Workplace that’s aimed at 
improving product develop- 
ment efficiencies. It has also 
begun extending PLM to han- 
dle over 17 million commercial 
documents, Scott said. 

“PLM can help companies 
decide what products to invest 
in and what to drop,” said 
Marc Halpern, an analyst at 
Stamford, Conn.-based Gart- 
ner Inc. “It helps them allocate 
the right budget for product 
development, track schedules 
and analyze [product] perfor- 
mance in terms of revenue 
generation or quality.” 

But getting there is no easy 
feat. “Integration is key to 
PLM,” said Mark O’Connell, 
president and CEO of West- 
ford, Mass.-based MatrixOne. 
“Very little information is cre- 
ated in a PLM system. Instead, 
the attempt is to add value to 
the information [that already 
exists].” Doing this means ty- 
ing together applications as 
disparate as engineering and 
design, ERP, CRM and supply 
chain systems, he said. 

Often, because product de- 
velopment processes can vary 
widely, either PLM products 
have to be heavily customized 
to fit specific environments, 
or business processes have to 
be tweaked to accommodate 
the PLM capability. The quali- 
ty of product-related data that 
a company maintains is also 
key to getting real benefits, 
users said. 

“A lot of companies don’t 
understand PLM,” Halpern 
said. “PLM is almost like ERP 
was 15 years ago.” @ 44602 
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Continued from page 1 
os 
RISC Chips 


ing technology to boost 
throughput and application 
performance at a lower price, 
according to Sun officials. 

UltraSparc 3 users will be 
able to upgrade without swap- 
ping boxes. The UltraSpare 4 
is “essentially doubling the 
performance in place,” said 
Clark Masters, executive vice 
president for enterprise sys- 
tems at Sun. 

HP, meanwhile, will release 
the PA 8800, its newest PA- 
RISC chip, which is the basis 
of its HP9000 server line. The 
company claims that the chip 
will deliver a 50% perfor- 
mance increase over the PA 
8700 if the servers are running 
the same number of proces- 
sors, but it will yield a 250% 
performance boost when up- 
grading an existing server to 
double capacity. The PA 8800 
is a dual-core chip, which 
means that what is now a four- | 


way processor could become 
an eight-way if PA 8800 
processors are plugged in. 
Unlike Sun, HP plans to 
phase out its RISC chips even- 
tually, migrating users to the 
64-bit Itanium processor it co- 


| 
| 
| dress the needs of their in- 
| 
| 


| valid ways of boosting system 
| performance. For users, “the 
| application might well deter- 


| tors and others from pub- 


| running both 32- and 64-bit 
| applications. Stamford, Conn.- 


| published a report analyzing 
| the implications of HP adopt- 
| ing the Opteron. HP isn’t con- 


developed with Intel Corp. 
But HP is “continuing to make 
some level of investment in a 


| couple of more generations of 


PA processor to essentially ad- 


stalled base,” said Gordon 
Haff, an analyst at Illuminata 
Inc. in Nashua, N.H. To do 
otherwise, he said, would risk 
user defections. 


| Depends on the App 


Rich Partridge, an analyst at 
D.H. Brown Associates Inc. in 
Port Chester, N-Y., said both 
HP and Sun have developed 


mine which approach gives 
the most efficient use of the 
hardware,” he said. 

Opteron is another issue. 
There have been rumors, 
some springing from competi- 





lished reports, that HP is on 
the verge of announcing 
servers based on Opteron, 
which has the capability of 


based Gartner Inc. last week 


| 
| 
| 
| 
| 
| 
| 
| 
| 


firming or denying such plans. 


Software Automates Content | 
Tracking and Management 


New tools help 
users comply with 
privacy, financial 
reporting rules 


BY THOMAS HOFFMAN 
Software vendors FileNet 
Corp. and IBS America Inc. 
have each developed Web- 
based systems aimed at help- 
ing users to automate content 
tracking and management for 
complying with regulations 
such as Sarbanes-Oxley, 
HIPAA and the Basel II bank 
capital accord 

The introduction of these 
so-called compliance frame- 
works is partly a reflection of 
how corporate executives are 


| stead of trying to attack each 


| ance framework approach. “I 


| to think that way,” he said. 


| to help corporate managers 
| audit and track documents. 


broadening their views of reg- | 
ulatory compliance, said AMR | 
Research Inc. analyst John 
Hagerty. Increasingly, compa- 
nies are leaning toward using 
IT architectures that can ad- 
dress many requirements in- 


one individually, he said. But 
Hagerty added that most po- 
tential users have yet tocom-__ | 
pletely buy into the compli- 


believe customers are starting 


“But I would not say that they 
are buying that way yet.” 
FileNet’s Compliance 
Framework, which is being 
introduced today, is designed 





Intel has also signaled inter- 
est in developing a 64-bit ex- 
tension for its x86 line, which 
uses an instruction set that’s 
different from that used by 
Itanium. The company may 
detail those plans at its devel- 
oper conference next week. 

Interest in Opteron is clear- 
ly growing. IBM started sell- 
ing systems based on the chip 
last year, focusing on high- 
performance technical com- 
puting users. But without 
much fanfare, the company 
has also been selling it to a 


| broader base, although the 


company says those users 
remain compute-intensive. 
Agronow said Opteron has 


| allowed him to boost perfor- 
| mance of his Oracle Corp. 
| applications without increas- 


ing licensing costs, which 
are pegged to performance. 


| The key was getting the best 


performance at the lowest 
gigahertz rate: He found 


| through testing that the 1.4- 
| GHz Opteron offered perfor- 
| mance equivalent to a 2.8-GHz 


Intel Xeon chip. 
Agronow advised potential 
users to test Opteron. “That's 


| what nailed it on the head for 
me,” he said. “I didn’t have to 
| accept somebody’s study or 


test case.” @ 44608 


The browser-based system 
uses technology from 
FileNet’s existing Enterprise 
Content Management product 
line and includes modules that 
support collaboration and the 
management of records, forms 


| and other types of content. 


In addition, Compliance 
Framework includes an event- 


driven architecture that can 
| quickly identify and initiate 
| responses to material events, 


such as a sudden change in 
projected quarterly sales, ac- 
cording to FileNet officials. 
That feature could be applied 
toward Section 409 of the Sar- 


| banes-Oxley Act, which re- 


quires companies to deliver 
timely reports to investors. 


‘Compliance’ Market 
“From a macro perspective, 
Sarbanes-Oxley is the piece 
that’s going to drive the bulk 
of the attention around the 


Consolidation Goal Is to Cut Costs 


After Vanguard Car Rental USA 
Inc. acquired the Alamo and 
National car-rental brands in 
October, it embarked on a plan 
to cut IT costs from $145 mil- 
lion to $75 million or less 
through systems consolidation. 

CIO Tyler Best's job is to 
make it happen by July 15. 

Alamo Rent A Car Inc. and 
National Car Rental were previ- 
ously owned by ANC Rental 
Corp., but they used separate IT 
systems: an IBM mainframe at 
Alamo, and HP ProLiant intel- 
based servers at National. 

Tulsa, Okla.-based Vanguard 
wants to maintain separate 
brand identities while creating 
an IT infrastructure with just 
one system to manage vehicle 
assets, reservations and other 
back-end systems. The compa- 
ny currently lacks a single view 
of its assets, Best said. 

“The rental car business is 
what | call ‘glorified asset man- 
agement’ - making sure vehi- 
cles are in the right place at the 
right time,” he said. 

Vanguard is moving its sys- 
tems to two high-end PA-RISC- 
based Superdome servers from 


marketplace,” said Chris Mc- 


Laughlin, director of financial 
services marketing at Costa 


| Mesa, Calif.-based FileNet. But 


he added that the vendor is 
trying to provide “a good, flex- 
ible foundation to allow cus- 


| tomers to build in new com- 


pliance requirements” to meet 


other forthcoming regulations. 


Lexington, Mass.-based IBS 
America last week announced 
QSI Websystem for Compli- 
ance Management, which is 
designed to automate the 
process of identifying who 


| created a document, tracking 


where it has been routed and 

capturing other information. 
The document-control sys- 

tem offers role-based user 


| screens and expands beyond 


an existing Notes-based sys- 
tem that can be used to moni- 
tor compliance with quality- 
assurance standards such as 
ISO 9000, IBS said. 





HP. Best said his technical staff 
has no problem with HP's strat- 
egy to phase out the PA-RISC 
line and migrate those users 

to Itanium. 

Vanguard evaluated tech- 
nologies from the major ven- 
dors, each of which Best said 
he feels has the capability to 
produce systems that can 
leapfrog the others at different 
points in time. Best said that 
when his company took a 
“snapshot” of what was avail- 
able, he decided on Super- 
dome because he felt it would 
provide the transaction power 
he needed, maintain standards 
compliance and be backed up 
with good service. 

Vanguard is also installing 
the Odyssey reservation system 
from Perot Systems Corp. 

The goal is to begin rolling 
the new systems into produc- 
tion at the start of July and to 
complete the work by the mid- 
dle of the month. From the per- 
spective of Vanguard's top 
management, Best said, the IT 
project is “the No. 1 project that 
the company has.” 

- Patrick Thibodeau 


Dana Corp. in Toledo, Ohio, 


| has used the Notes software 


since 1996. The automotive 


| parts supplier plans to roll out 


QSI Websystem once IBS be- 


| gins shipping a version of the 


software for use in training em- 
ployees, said Brian Sniegocki, a 
senior IT analyst at Dana. That 
release is due late next month. 
Sarbanes-Oxley compliance 
is one of the big drivers of the 
plan to use QSI Websystem, 


| Sniegocki said. “In our organi- 


zation, it’s imperative to have a 


| browser-based system to sim- 
| plify [document] access,” he 


said, adding that the software 
could benefit internal business 
managers as well as suppliers 


and customers. @ 44610 


IT, BUSINESS MIX 


tools monitor how 
well systems support business processes: 


QuickLink 44612 
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IBM Aims Middleware at Financial Firms 


BY LUCAS MEARIAN 

IBM last week announced 15 
middleware bundles aimed 
specifically at applications in 
the financial services and in- 
surance industries, such as 
risk and compliance manage- 
ment and claims processing. 

The bundles are the first 
tangible result of IBM’s De- 
cember announcement that it 
would begin tailoring its soft- 
ware offerings for users in dif- 
ferent industries [QuickLink 
43213). 

The financial industry pack- 
ages are made up of existing 
IBM products and include 
business applications from 
vendors such as SAP AG and 
PeopleSoft Inc., IBM said. 

In addition, the bundles pro- 
vide market-specific function- 
ality developed by Fidelity In- 
formation Services Inc., Fiserv 
Inc., Sanchez Computer Asso- 
ciates Inc. and other vendors. 


Scalability Needs 


Walter Hatten, senior vice 
president and technical ser- 
vices manager at Hancock 
Bank in Gulfport, Miss., said 
he’s using a software bundle 
that IBM put together for him 
as part of a server integration 
project that involves moving 
Windows and OS/2 applica- 
tions to an IBM mainframe 
running SUSE Linux. 

The package includes e-mail 
archiving software from start 
up ZipLip Inc. to help the bank 
address Securities and Ex- 
change Commission rules gov- 
erning electronic document 
retention, Hatten said. 

“There’s just been a tremen- 
dous growth over the years,” 
he said, noting that the bank’s 
server farm has grown to 
about 500 systems. “One need 
we had was scalability. Being 
able to scale in a mainframe 
environment rather than a PC 
environment was crucial.” 

IBM said there won't be any 
pricing advantages to purchas- 
ing the bundled software com- 
pared with buying the prod- 
ucts on an individual basis. 

But Bill Bradway, an analyst 
at Financial Insights in Fram- 
ingham, Mass., said the inte- 





grated offerings should help 
users reduce software imple- 
mentation cycles. IBM’s move 
also “eliminates the gaps” be- 


Sharp Healthcare 
Halk 


98.5% 
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tween projects’ IT and busi- 

ness requirements, he said. 
Doug Brown, director of in- 

dustry marketing for IBM’s 


software group, described the 
middleware packages as “a 
head start” for users. 

“In the past, we would have 
had our salespeople talk with 
customers about applications, 
servers or security,” he said. 


“Now we're in a conversation 
with customers about people 
productivity, integration issues 
and middleware all coming to- 
gether to form a foundation for 
the project, instead of individ- 


ual product parts.” @ 44565 
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HEN ALL WAS SAID AND DONE, did 
Mydoom spell doom for your com- 
pany? Did the fast-spreading, widely 
publicized virus bring your enterprise 
down in a tangle of clogged e-mail systems and over- 
whelmed servers during the past two weeks? 


Chances are it didn’t 
do any such thing. 
Chough you would cer 
tainly be excused for 
thinking Armageddon 
was at hand, given the 
hyped-up, sky-is-falling 
public warnings from a 
handful of the antivirus 
and security vendors 

Mydoom was spun up editor in ch 
in the press as every 
thing from the harbinger 
of “doom to corporate 
in-boxes” to the “most virulent virus 
in history,” as we reported last week 
(“Antivirus Software Vendors Fucl 
Mydoom Hype,” QuickLink 44430]. 

One advisory from Sybari Soft- 
ware called it “a huge problem for 
organizations,” without any evidence 
to back that up. Central Command 
initially warned its customers about 
serious e-mail congestion at compa- 
nies “bombarded” with infected 
messages, but it later downgraded 
the whole event to a “nuisance.” 
McAfee rated the virus a “high out- 
break” threat to business, although 
the estimated 500,000 infected sys 
tems turned out to be mostly home 
users and small businesses. 

No question, there were tens of 
thousands of individuals seriously 
inconvenienced by this latest virus 
to target the ever-vulnerable Win- 
dows operating system. They were 
no doubt kicking themselves after 
clicking on the e-mail attachment 
that launched it. But the only high- 
profile business victim was The SCO 
Group’s Web site, which was tem- 
porarily shut down on Super Bowl 
Sunday by a denial-of-service attack 
connected to Mydoom. A subse 
quent attack on the Microsoft Web 


site was successfully flicked away. 


t 


t of 

erworld. You can contact 

her at maryfran_johnson® 
computerworld.com 


In a poll on Computer 
world.com last week, only 
7% of the 379 respondents 
said their companics were 
affected at all. Another 
14.5% noted some net 
work infections, but 38% 

\ said they noticed nothing 
} %, more than some server 
strain from the e-mail 

blasts, and another 38% 


MARYFRAN JOHNSON |S 


Comput 
said they just saw “more 
e-mail than usual.” 

This so-called over 
whelming threat fizzled out at e-mail 
gateways, thanks to IT and security 
managers who have shored up com- 
pany defenses with well-known se- 
curity practices such as screening 
out e-mail attachments, continually 
updating antivirus software and 
monitoring internal networks for un 
usual traffic patterns. “We were sur- 
prised by how little it affected us,” as 
one telecommunications service 
manager put it [QuickLink 44429]. 
Wondering if it was just my imagi- 


S 


LW 


iruse 


nation that the Mydoom outbreak 
had been wildly overplayed, I called 
security expert Bruce Schneier, CTO 
at Counterpane Internet Security 
and author of Beyond Fear: Thinking 
Sensibly About Security in an Uncer- 
tain World. He agreed that the threat 
level of this virus was overblown. 
But in his colleagues’ defense, he 


pointed out that security companies 


often agonize over how much alarm 


to raise when these outbreaks first 
occur. In the frantic guessing game 


in the early hours of a virus’s appear- 


| ance, some prefer to hype rather 


than understate the dangers. 

Not so coincidentally, the hype 
sells more product. What better time 
to hawk your software than when 


| every media outlet is shrieking 


warnings about the need for it? 
As Schneier and many other ex- 


perts have pointed out, the only real 


| solution lies in Microsoft virus- 


proofing its own software, which it’s 


obviously unable to do. In the mean- 


time, IT needs to be able to rely on 


| credible information from the front 


lines of these virus outbreaks. Secu 
rity vendors that keep issuing these 
Chicken Little virus warnings will 


| ultimately lose their credibility with 


customers, plus their reputations as 
reliable sources with the media. 
Remember how the Chicken Little 


fable ended? Ask the fox. @ 44577 
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How Super 
Bowl Ads 
Help Linux 


Wy 1’S ALMOST IMPOSSIBLI 
to know if spending $2.3 
JLmillion for a 30-second 
Super Bowl spot changed the 
world’s perception of Linux 
or IBM. But it’s clear that only 
companies have the resources and 


ifew TI 


brand awareness to make such a cam 
paign meaningful to a mass audience 
and IBM is one of them 

IBM’s strategy to plump for the mass 
market is aimed at three key audiences 
according to Christopher Williams, a 
marketing strategist at Idea Engineer 
ing Inc., a Santa Barbara, Calif., market 
ing and advertising firm. 

‘In reaching the mainstream, they 
are reaching the IT decision-makers, 
the company’s stake- 
holders and the IBM 
shareholders,” said 
Williams. 

With its Linux ads 
starring Muhammad 
Ali, IBM is building 
potential for an in- 
gredient brand, a la 
Pentium (it’s a name 
brand, even though a 
it’s just an ingredient y' lif C a 


1 


PIMM FO) 


inside a larger prod- olanateniiivaatsatl vat 
uct), paving the way 
for channel advertising. 
will have a platform for further Linux 
advertisiny, all while reinforcing Linux 


In addition, it 


as a good business decision for you 
and your bosses. 

“People say they make business de- 
cisions on facts, not emotion,” says 
Williams. “But emotion does play a 
role in the process.” 

Stakeholders who benefit include 
customers who have adopted Linux. 
For shareholders, the ads bolster confi 
dence in IBM’s forward-looking busi- 
ness strategy, and high-tech stockhold 
ers like to see companies they own do 
ing something cool and cutting-edge. 

The ads themselves are pretty effec 
tive, considering their scope. There's 
no way IBM can communicate the 
technology or business benefits of Lin 
ux to such a wide audience, so the ads 
have to go for an emotionally driven 
declaration: “Shake up the world.” 

Similarly, Microsoft’s Office print 
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April 5-8, 2004 
JW Marriott Desert Ridge Resort 
Phoenix, Arizona 


Co-owned and Produced by: 


Is your storage strategy focused 
on the future? Want to learn 
important new strategies from 
IT executives and managers at 
companies like FleetBoston 
Financial, Pacific Gas & Electric 
and Public Broadcasting 
Service? Then plan to be at 
Storage Networking World! 


YE U 


Benefit From the Most Comprehensive Program 


No other storage event gives you a program so rich with experiences ~ whether they're 
industry and certification primers, general sessions, tutorials, opportunities to see technologies 
at work ... or the rare chance to talk to the very engineers that make them work. 


Easily Navigate an Agenda Packed 
With Choices and Learning Experiences 


No other storage event provides an agenda woven with so many logical choices - choices 
that allow you to tailor your valuable time to your very specific needs. (See the full agenda at 
www.snwusa.com/print.) 


Get an Education Endorsed by the SNIA 


No other storage event offers a learning experience developed and sanctioned by the industry's 
most influential storage association - highlighted by the SNIA-delivered technical tutorial sessions. 


Meet Experts and Shop in the Largest Available 
Storage-specific Solutions Mall 


No other storage event allows you to see all the players and solution providers in one place. It’s 
literally your one-stop “solutions mall.” 


See SNW’s Flagship Interoperability & Solutions Demo 
<S ct No other storage event gives you: 
¥ © 40-plus SNIA member companies collaborating 
on integrated solutions 
the opportunity to meet anita 
lead ts and di 
leading experts and engineers oS 


* access to $25 million worth 
of proven technology in action DEMO NETWORKING 


Storage Management 
e Enterprise Infrastructure 
Business Continuity 


e Data Management 
and Security 


¢ Emerging Technologies 


S [DC Storage Analyst Briefing 
The Impact of Tiered Storage 


an IDC breakfast briefing 


In this fast-paced breakfast session, IDC’s top 
storage analysts will examine companies’ growing 
interest in deploying tiered storage solutions and 
assess its impact on storage components, systems, 
networks, management and services. Analysts will 
address topics including 


¢ Form factor and drive technologies 

* Heterogeneous data replication and protection 
¢ The demand for mixed media arrays 

* Network-based storage services 

* Storage, file and content management 

* Technology migration cycles 

¢ Storage workloads 


*This session is intended for IT vendors; no non-IDC 
analysts permitted in this special session 


For more information and to register, 
visit WWW.snwuSsa.com/print or call 1-800-883-9090 (1-508-820-8159) 


“_ Not only were there REAL users all over 
the place, but the buzz was awesome. | 
commend SNW for putting their money 
where their mouth is and putting together 
a really great conference ...” 

Steve 


Duplessic 
Founder & Senior Anatyst 
Enterprise Storage Group 


issues and learn about new 


“... an opportunity to share storage y 
solutions from your peers ...” n 


al “.. the right mix of attendees - high- 
ae end users and major executives 


with great an its 


event is at the top of my list ...” 
Clyde Smith 

SVP, Broadcast Entertainment Technology 

Turner Entertainment, 





VP, Information Technology Founder & Senior Analyst Director. Systems Chief Security Officer 
Allianz Life insurance Enterprise Storage Group Epsilon Farm Credit Services 
of America 


Agenda Snapshot* 


For details, updates, and to register visit www.snwusa.com/print 









Monday, April 5 
(Pre-Conference Activity and Tutorial Sessions) 
9:30am-11:30am —_ Industry Primer, Career Development and Skills Development Tracks 








Tuesday, April 6 
(General Conference - Day One) 


7:15am-8:15am 


Continental Breakfast 





ing Remarks and Visionary Presentation 


ral Sessions 














ess Track 
ity and Solutions Demo 
(General Conference - Day Two) 
7:30am-10:30am IDC Breakfast Briefing 
s Der 
Bu ss and SNIA k 
Thursday, April 8 
(Tutorial and Breakout Sessions) 
7:30am-8:30am 
8:30am-11:45ar 3usiness, Business and SNIA Tracks 








11:45am 


“Best Practices in Storage” 
Awards Program 





Submit your nomination today at et BI Z S [ 
www.snwusa.com/print PACTICES IN 
or email Nanette Jurgelewicz at STORAGI 


nanette_jurgelewicz@computerworld.com 
aera 


Awards Ceremony: Wednesday, 
April 7, 3:05pm, SNW Main Stage 


For more information and to register, 


Pre-Conference 
Golf Outing 


Complimentary for Registered IT End-Users 


The Pre-Conference Golf Outing at The Wildfire 











value) for registered IT End-Users (other p 
and vendors 
all applicable gelf outing expenses) 


For details: contact Michael Meleedy at 1-508-820-8529 


LARI SUE TAYLOR DOUG BUSCH RICK PELTZ 


SVP. Enterprise Security VP & C10 
& Recovery Intel 
FleetBoston Financial 


Mar 


SVP & CIO 


us & Millichap 





Director, IT infrastructure Chief Technology SvP 
Pacific, Gas & Electric Integratic: Officer SAS institute 
Public Broadcasting Service 


Enjoy the JW Marriott Desert Ridge Resort in Phoenix! 





Options for IT End-Users* 


General Conference 





fackage (April ¢ 





Business Tracks; SNIA-f 


t-Read: 


Options for IT Vendors** 





No other storage event allows you 
to learn, network and enjoy the 
conference in such a relaxing, 
comfortable and unique setting, 


Earlybird Registration Full/Onsite Registration 


$895 


ho 
o 


$1,295 








may play on an “as available” t 










re 
visit www.etcentral.com OR 
all 1-800-340-2262 (or 1-508-820-8686) 


Travel and 
Accommodations 








s the official travel 
Storage Networking 
are your one-stop shop 
2 discounted rates on travel and hotel 








)dations. 


your accommodations: 


visit Www.snwusa.com/print or call 1-800-883-9090 1-508-820-8159) 


“... the Interoperability & Solutions Demo 


corning out ... a chance to ‘kick the tires’ 
and talk to vendors ...” 


Michael Goode 
Director, Storage Services 
Nielsen Media Research 





gives us a flavor for the technology that’s = 


“.» What sets SNW apart is the 
networking opportunities ...’ 


Brad Friedman 
VP. information Services 
Burtington Coat Factory 


“.. | enjoy the opportunity to share 
my experiences and hear what 
other people are doing ...” 


Bob Mathers 
Second VP, [T Operations 
Guardian Lite insurance 































Registration questions? Please call 1-800-883-9090 or Email: snwreg@computerworld.com 
Visit our website at: www.snwusa.com/print 
NETWORKING 
ORLI Earlybird Full/Onsite 
Registration Registration 
Options for IT End-Users* ; 
General Conference Package (April 6, 7) $895 $1,295 


JW Marriott Desert Ridge Resort | Total 4-day Package (April 5, 6, 7, 8) 131,290 351,690 
Phoenix, Arizona ks. SNIA NIA V 


Options for IT Vendors** 
Total 4-day Package (April 5, 6, 7, 8) 131,290 $1,690 


Non-Sponsoring/Exhibiting Vendor Package) =si(‘éséwé~S «SSO 4$5,000 


Reserve your Accommodations at: 
www.etcentral.com 


Questions about accommodations? 
Please Call 1-800-340-2262 or 
Email: eventhousing@idg.com 


Registration Information: 
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snwreg@computerworld.com 
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and TV campaign not only aims at IT 
decision-makers, but also leapfrogs 
them to get at the end user, creating a 
sense of goodwill that could pay off 
when it’s time for the buying decision. 
“It helps the Microsoft salespeople,” 
said Williams. 

But not every company is an IBM or 
a Microsoft. Such behemoths can take 
advantage of long-term market shifts 
and calculate the ROI of Super Bowl 
spending, but other IT vendors that 
want successful ad and marketing cam- 
paigns have to get realistic. “They need 
to think about the costs of advertising 
and marketing and whether it is going 
to get their business where it needs to 
go,” says Williams. 

Ultimately, that means IT vendors 
need to reach you with their messages, 
whether in the pages of Computer- 
world or its competitors, or during the | 
Super Bowl. So the next time you’re | 
wondering why Computer Associates 
would spend a fortune to advertise 
during the football playoffs, remind 
yourself that it’s because you're sitting 


there watching. @ 44474 


DAN GILLMOR 


Paperless 
E-voting Is 
A Threat 


N THE electronic-voting 

scandal that threatens one 

of our most fundamental 
duties in a democracy — vot- 
ing — there’s asmall amount | 
of good news but plenty of bad news. 
Which is why I’m going to ask IT peo- 
ple to do something that may seem, at 
first glance, overtly political. 

In reality, this isn’t about politics. It’s | 
about the first duty of a citizen: voting. 
IT people have a unique chance to 
help save the franchise from some 
know-nothing bureaucracies and 
greedy corporations that are threaten- 
ing the foundations of democracy. 

The issue is bubbling up over two 
basic technologies. The first is the use | 
of touch-screen computers — devices 
that always have bugs and can be 
hacked — with no paper trail. This is, 
in a word, nuts. 

Imagine if banks refused to give pa- 
per receipts for ATM transactions, or if 
merchants didn’t print receipts for 
credit card purchases. The use of 
ATMs and credit cards would plunge, 


| 












not because we’d believe our 
financial institutions were 
ripping us off, but because 
we'd have no way of proving 
that they weren't. 

Yet jurisdictions across 
the U.S. are installing such 
machines for voting — in- 
cluding, I’m embarrassed to 
say, the county in the heart 
of Silicon Valley, where offi- 
cials have basically laughed 
off warnings that this kind 
of system is dangerous. 

A few state officials are 
beginning to wake up. California will 
require a paper trail by 2006, but other 
jurisdictions prefer just to do what the 
vendors tell them, and that’s an abdica- 
tion of public responsibility. 

All this is bad enough. But now the 
federal government is moving forward 
with a scheme to have expatriates and 
members of the military vote over the 
Internet using Windows computers 
from places such as Internet cafes. 









Sears CEO Blasted | 
For Offshoring Quip | 


te: Our story on 
Sears CEO Alan Lacy [Quick- 
Link 44157] was posted on Fri- 
day, Jan. 16. In it, Lacy praised 
offshoring and said that “there 
are four or five times as many | 
smart, driven people in China | 
than there are in the U.S. And 
there’s another four or five, 
three or four times as many 
people in India that are 
smarter or as smart or have 
more drive.” On Monday, Jan. 
19, Sears issued an apology and 
said it has no plans specifically 
related to offshoring. We 
added an editor’s note to our 
story, but before we could do 
so, we were inundated with 
outraged letters. Some samples: 


"VE GOT NEWS for Lacy: Those 
“smart, driven” people in China 
and India aren't shopping at Sears. 

The employees he fires won't be 
shopping at Sears either. Lacy is on 
a fool's errand to improve his prof- 
itability next quarter. You don’t have 
profits if you don’t have customers. 
Mark Edwards 

Chubbuck, Idaho 


HAVE BEEN in IT for over 37 
years, and | don't recall a more in- 








OPINION 





sulting and demeaning comment 
than the one from Lacy. It's the 
smart and driven people in the U.S. 
who have made it the leading tech- 
nology country on the planet 

Don Greb 

Pittsburgh 


IGHT | POINT OUT that none 
of the people in China and In- 
dia are Lacy's customers? Might | 
also point out that ! consider myself 43556] 
“smart” and possessing “drive” and 
that | am no longer one of his cus- 
tomers either? 
Chris Herzog 
Software Technologies Group 
Inc., Westchester, Il. 





it’s for the, er, Moths | 


FOUND your cartoon on “Future 

Outsourcing Opportunities” hu- | 
morous, especially the proposal for 
the bald eagle [Opinion, Jan. 191 
The problem with that solution, 
though, is that there are no hum- 
mingbirds in Europe. They are na- 
tive to the Americas. Perhaps a Eu- 
ropean bunting would do the trick. 
Michael Smith 
Senior database analyst, 
State of Maine, Augusta 


Editor's note: We were actual- 
ly thinking of the European 
hummingbird hawkmoth. Ad- 


The average IT person, 
having read that sentence, 
is surely shaking his head 
in disbelief at the govern- 
ment’s folly. [It was learned | 
on Thursday that this plan 
has been put on hold — Ed.] 

Four members of a team 
looking into the Internet 
voting idea became so 
alarmed at the prospect 
that they jumped the 
scheduling gun and issued 
an early report of their 
own. They are widely ac- 
knowledged as experts, and their re- 
port was scathing [QuickLink 44255]. 

Read the report at www.servesecurity 
report.org, and then do something to 
help save our democracy from people 
who endanger it so cavalierly. Part of 
your job as an IT person is to recognize 
the inherent flaws, in people and ma- 
chines, that make information technolo- 
gy so annoying and interesting. You 
know that systems have problems for 


| 
| 

somehow that seem 
| tousat the time. 
| 

| 

| 

| 

| 
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All You Need 


BELIEVE it was Archi 
said something like, ° 


Memphis 


made recently that ack 


43743}. 


standards X9.69 and X' 
worldwide deployment 


Defense for Homeland 
selected the same tech 





Organization. Sandia N 





mittedly, it’s not a bird, but 





place to stand and a big encugh 
check and | can move the world!” 
(“Merging Mainframes,” QuickLink 


C. Wayne Hardeman 





Don’t Let Data Fall 
Into Wrong Hands 


T MAY interest you to know that 
several decisions have been 


the need for the persistent protec- 
tion of data, in motion and at rest 
[“Data Security Breaches Reveal | 
Encryption Need,” QuickLink | 


The Defense Information Sys- 


tems Agency has selected ANSI 


fense Collaborative Tool Suite. The 
Office of the Assistant Secretary of 


the dissemination of information 
throughout the Homeland Defense 
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human and technical reasons, and a big 
part of your job is to ensure that when 
— not if — you have problems, you can 
recover. So you make sure there are 
backups and true redundancy. You 
work hard to prevent malfeasance from 
within the organization or from outside. 
The voting machine companies and 
Internet voting advocates have done 
an abysmal job with security. We don’t 
have to believe someone will steal an 
election — though people will surely 
try — to worry that simple bugs will 
create wrong results. 
Please call your local voting officials 

and member of Congress. Ask your 

| CIO or CEO to raise hell. 

| You have credibility. If you don’t use 

| it, we could lose something precious. 

| You can make a difference. I beg you 
to try. @ 44473 


| WANT OUR OPINION? 


More columnists and links to archives of previous 
| columns are on our Web site 
| www.computerworld.com/columns 





ratories has also been working with 
the same technical approach, called 
constructive key management, to 
provide role-based access control to 
information at the object level, using 
content descriptors as triggers for 
the cryptographic process. The Na- 
tional Guard has contracted for the 
use of the CKM technology for the 
controlled, appropriate access to in- 
formation on its Web portal 

This affords a mechanism to fol- 
iow the data-centric approach nec- 
essary to achieve the objective of 
“only handling information once,” a 
concept known as OHIO, with the 
proper people seeing that set or 
subset of information consistent 
with their respective role 
Jay Wack 


CEO, Tecsec Inc., Vienna, Va., 


ed funny 


SEIT 


Is Cas 


medes who 
‘Give me a 


aE A | 


nowledge | 
jayw@tecsec.com 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity 
They should be addressed to Jamie 
Eckle, letters editor, Computerworld, 
PO Box 9171, 500 Old Connecticut 
Path, Framingham, Mass. 01701 
Fax: (508) 879-4843 
E-mail: letters@computerworld.com 
Include an address and phone num- 
ber for immediate verification. 

For more letters on these and 


© other topics, go to 


www.computerworld.com/letters 
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SAS, the leader in business intelligence software, challenges... 
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ENTERPRISE - ° . ° ‘ 
With Sarbanes-Oxley compliance deadlines less than a year away, there is an urgency to deliver financial and operational 


SUPPLIER transparency — one clean, consolidated and truthful version of data for all your disclosure controls and procedures. 

SAS* Corporate Compliance software provides auditable, searchable process and document control solutions. So you 

ORGANIZATIONAL can prepare now, while creating a system that won’t be outdated when the next new legislation is enacted. Our intuitive 
interfaces are designed for users of any skill level — with a central point of control to manage across all environments 

er and an open, adaptable architecture. To find out more about how to confidently comply with Sarbanes-Oxley, including 


Sian : Section 404, call us toll free at 1 866 270 5729 or visit our Web site. 
INTELLIGENCE 


www.sas.com/sox 


Proud Sponsor 


The Power to Know. 








FUTURE WATCH 

Rushing Toward Chaos 
Technology futurist Chris Meyer 
says IT is maturing. His advice: 
Outsource commodity IT, em- 
brace the new sciences, and live 


on the edge of chaos. Page 32 Page 34 


SECURITY MANAGER’S JOURNAL 
Postmerger Audit Quashes Trust Idea 
Mathias Thurman turns his attention away 
from Sarbanes-Oxley compliance to audit a 
newly acquired company for security holes — 
and finds that it’s inadequately protected. 


OPINION 

Sun Refuses to Be Eclipsed 
Sun’s anxious response to the 
Eclipse Foundation’s new inde- 
pendence can be traced to com- 
peting user-interface tools, says 


Nicholas Petreley. Page 36 





helped draft the blueprint for AXA’s IT architecture. 


BUILDING 


FOR THE 


LONG 
TERM 


TICKING TO A VISION has its 
rewards. For AXA Financial 
Services LLC, those rewards 
add up to about $55 million, 
which is what IT executives 
figure they’ve saved by ad- 
hering to a blueprint for the 
services-based computing architecture 
the company first laid out in 1990. 
Over the past 13 years, the technolo- 
gies have changed, but the central vi- 
sion of a scalable, future-proof IT ar- 
chitecture based on reusing a core set 
of software-based services has stayed 
intact. The payoff has come from the 
ability to quickly and cost-efficiently 
develop, deploy and manage new ap- 
plications across myriad customer 
channels, which the $480 billion insur- 
er says gives it an edge in an industry 
better known for its IT conservatism. 
The business driver for the architec- 
tural blueprint is the same today as it 
was more than a decade ago, says AXA 
Chief Technology Officer Don Bus- 
kard, one of the drafters of the blue- 
print. “Anything we do and have to 
redo is a negative-ROI project because 
we're just duplicating something we al 
ready did and spending money to do it 
without adding much value,” he says. 


Common Services 

The three key reusable services the 
AXA IT architecture provides to all 
applications are common data access, 
data translation and security. These 
were initially developed by internal 
software developers who created pro- 
prietary code. Over time, however, as 
new technologies have become avail- 


® Objective: Minimize 


development costs and 

ensure quality by design- 

ing an IT architecture 
based cn a core set cf reusable services. 


® Challenges: Developing the services in- 
ternally. Later, as AXA phased out proprietary 
code, the issue became choosing the right 
commercial products to replace its home- 
grown programs. 


@ Payoff: The ability to quickly and cost- 
efficiently develop, deploy and manage new 
applications across customer channels has 
saved the company some $55 million in 
development costs. 


® Advice: Have a blueprint of your IT archi- 
tecture and stick to it. “It's a management is- 
sue,” says AXA CIO Bill Levine. “You don't let 
developers go around it.” 


able from commercial IT vendors, 
AXA has adopted a strategy of swap- 
ping out homegrown programs for off- 
the-shelf software. But the company 
remains true to its original IT blue- 
print for reusable services. 

The benefits of migrating to off-the- 
shelf products include greater flexibility 
and lower software maintenance costs, 
says Marvin Rafe, group director and 
chief architect. Rafe has been with New 
York-based AXA for 14 years and, like 
Buskard, worked on the original archi- 
tecture plan. “Over time, the services 
requirements really haven’t changed 
that much, but the technology under- 
neath the services has changed,” Rafe 
says. “We've had to change the technol- 
ogy underneath three or four times.” 

Continued on page 26 


AXA FINANCIAL’S BLUEPRINT 
FOR SOFTWARE REUSE SO FAR 
HAS eee $09 MILLION IN 


SAVINGS. BY JU! 
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By cutting up to 80% off your 
development time, Visual Studio 
-NET 2003 gives you more time 
to do what you do best. Think. 


Got a big idea? Visual Studio” .NET 2003 
delivers a higher level of productivity, so 
you can turn that big idea into reality 
faster than you ever thought possible. 
Want proof? Merck & Co. Inc. was able 
to create a solution that accelerated and 
improved the accuracy of their monitoring 
process in a time frame barely imaginable 
before they began using Visual Studio 
.NET 2003. To read the full story on how 
Merck and other companies are using 
Visual Studio .NET 2003 to quickly 

turn their big ideas into reality, visit 
msdn.microsoft.com/visual/think 


Microsoft’ w yr 


Visual Studio 
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Continued from page 23 

AXA started with mainframe technolo- 
gy, then moved to client/server and is 
now Web-based. Originally, AXA used 
IBM’s SNA to provide communications 
and common data access to front-end 
systems directly from the mainframe. 
In the second phase, it eliminated di- 
rect connections between worksta- 
tions and the mainframe. It also 
switched from IBM’s OS/2 operating 
system to Windows on its servers 

and front-end PCs. In the third phase, 
object-oriented interfaces based on 
CORBA and TCP/IP technology for 
communications were key. 

Most recently, AXA brought in Mi- 
crosoft Metadirectory Services to syn- 
chronize all of its other directories and 
migrated from CORBA to J2EE (see 
timeline below). 

AXA IT executives say that in each 
transition, the mainframe legacy trans- 
actions, customer data and agent data, 
which together represent the biggest 
investment, have been carried forward. 
“This services architecture allows us to 
retain and continue to leverage that in- 
vestment while the underlying technol- 
ogy over which we really have no con- 
trol continues to change,” Rafe says. 

For example, Rafe notes that the 
need for a service to aggregate cus- 
tomer data across multiple accounts 
residing on one or more of AXA’s eight 
major computer systems remains the 
same, regardless of whether an agent is 
requesting it via a voice-response unit 
or the Web. 

AXA’s eight major systems include 
those that it uses for retail and whole- 
sale distribution, sales applications, life 
annuity services, broker/dealer sys- 
tems, applications used by AXA's fi- 
nancial services planning group and 
client-facing applications for customer 
inquiries and self-service via the Web. 


HOW AXA'S 
EVOLVED 


* 1989-92 


® Architectural focus/objective: Connectivity 
and common data access; middleware to front- 
end mainframe. 


® Key technologies: CICS, SNA/APPC LU 6.2 
and Easel Corp.’s CASE tool. Front-end PCs run 
OS/2. Workstations communicate directly with 
the mainframe. 


@ Number of applications benefiting from 
code reuse: 11 


® Estimated cost savings: $10 million 


“What we've done is separate the 
business intelligence and intellectual 
capital, which is the customer data, 
agent data and the ability to perform 
the transaction from the technology,” 
says Rafe. That way, AXA can take ad- 
vantage of new and better technologies 
as they emerge, without interrupting 
the delivery of key services, he notes. 

A major infrastructure upgrade com- 
pleted in 2003 from AXA’s legacy 
CORBA environment to IBM’s Web- 
Sphere MQ message-based technology 
serves as a prime example. AXA want- 
ed a single software product to deliver 
a common way for applications to ac- 
cess data in back-end systems, Buskard 
explains. This approach even better 
streamlines the integration of new ap- 
plications. It also enables new services, 
such as allowing users to perform a full 
complement of financial inquiries and 
transactions via the Web. 

AXA chose WebSphere MQ, Bus- 
kard says, because it was already using 
IBM operating system software and 
was familiar with the product’s prede- 
cessor, the MQSeries middleware. 

The implementation wasn’t a slam- 
dunk operation, however. IBM’s initial 
WebSphere MQ software proved to be 
difficult for AXA developers to use, 
which slowed AXA’s time to market 
with new services, says Buskard. 

“Although [WebSphere] was a very 
robust transport that connected all of 
our systems, there was a fairly complex 
syntax. There was a large set of trans- 
actions with lots of parameters and 
lots of error messages to contend 
with,” explains Rafe. 

So AXA brought in Candle Corp.’s 
PathWAI application infrastructure 
management software, which Rafe de- 
scribes as a software “wrapper” that 
masks the complexity of WebSphere. 
The Candle software manages the mes- 


© 1993-96 


® Architectural focus/objective: Client/server. 
Focus on data transport, messaging, security, and 
common customer and agent files and directories. 


® Key technologies: Windows replaces 0S/2. 
TCP/IP used for data communications between 
workstations and servers. Server-to-mainframe 
communications remain on IBM's SNA. 

AXA develops an enterprise customer file, an 
enterprise directory and an agent file. It also intro- 
duces a proprietary application security system 
for authentication and authorization. 


@ Number of applications benefiting from 
code reuse: Five 


® Estimated cost savings: $8 million 


saging services that need to take place 
among different AXA applications out- 
side of the applications themselves. 


An advantage of this approach is that } 


“it’s a simpler form of managing the 
underlying plumbing so that develop- 
ers aren’t forced to become familiar 
with it,” says Dave Caddis, vice presi- 


dent of application infrastructure man- : 


agement at El Segundo, Calif.-based 
Candle. “It also makes it much easier 
for the development community to de- 
liver a faster return on investment.” 


Integrating Siebel 

AXA’s new Web portal is another ex- 
ample of how the company was able to 
quickly incorporate existing services 
into a new application. The portal, 
which serves the sales staff, integrates 
AXA’s e-business services with Siebel 
Systems Inc.’s CRM software and 


AXA’s services-based architecture. The } 
system combines Siebel’s sales, market- : 


ing, call center and analytical products 
with Sun Microsystems Inc.’s Sun ONE 


Portal Server. The project took a year to : 


complete and is now being piloted by 
about 100 beta testers. 

“The value to our sales advisers has 
been huge, because they have to have a 
current picture of customer relation- 
ships,” says Dave Wollin, AXA’s group 
director of e-business. “Advisers now 


log into the portal in excess of 40 times } 


a month. When they started, it was 15 
or 16 times a month, but now it’s multi- 
ple times a day.” 

Rafe says that one of the primary rea- 
sons AXA was able to complete such a 
huge project in a comparatively short 


period of time was its ability to take ar- : 


chitecture-based services such as the 
ability to aggregate customer data 
across multiple accounts and plug that 


capability into the Siebel system, rather : 


than create it again from scratch each 


¢ 1997-2001 


® Architectural focus/objective: Web and 
open systems. 


® Key technologies: CORBA, lona Technolo- 
gies Ltd.'s Orbix product. Web application server 
software from Sun Microsystems’ NetDynamics. 
Also deploys Solaris and Sun ONE Directory 
Server, Sun ONE Portal Server and Sun Web- 
server. The PC browser software is Netscape. 
IBM's MQSeries middleware (subsequently re- 
branded WebSphere MQ); Candle’s Roma soft- 
ware (now PathWAl). 


@ Number of applications benefiting from 
code reuse: 14 


® Estimated cost savings: $37 million 


time a new application is added. 

“A lot of the same services [Wollin] 
is using on the Internet for e-business 
are services we built 13 years ago for 
the PC,” Rafe says. “The services layer 
hasn’t changed that much, because 
what the customer wants to see hasn’t 
changed. It’s the technology that con- 
nects in over time that changes, and be- 
cause we've separated the services lev- 
el from the technology, we have a lot of 
flexibility to make those changes.” 

Developing and then actually adher- 
ing to an IT architecture centered on 
software reuse is something that few 
IT organizations have been able to ac- 
complish, especially over a period of 
more than 10 years, says John Rymer, 
an analyst at Forrester Research Inc. 

“It’s pretty unusual,” Rymer says. It’s 
also highly cost-effective, given the 
soft savings associated with software 
reuse, he adds. “You don’t have to re- 
train developers on new interfaces, 
and oftentimes you see higher quality. 
If you’ve developed services over 10 
years, it’s pretty stable code, so you 
can improve your performance over 
the years,” Rymer notes. 

The bottom line is that AXA has 
saved a lot of money, says CIO Bill 
Levine. “We spent about $35 million on 
our architecture, and we estimate it 
would have cost us about $90 million 
to do the same thing had we not had an 
architecture in place,” Levine says. 

Reuse also guarantees efficiency and 
minimizes risk, he says. “In terms of our 
ability to execute, we're not fragmented,” 
Levine says. “We can move developers 
from project to project, and they’re not 
only familiar with the tools used for devel- 
opment, but with the services coming out 
of it. The only real variable we have most 
of the time are the new interfaces and the 
application itself. We’re not always deal- 
ing with unproven services.” @ 44058 


© 2002-Present 


® Architectural focus/objective: Deploying 
vendor-provided, standards-based products. 

@ Key technologies: J2EE, IBM’s WebSphere 
MQ, Microsoft Metadirectory Services, BEA's 
WebLogic Server, Oblix Inc.'s NetPoint software 
for centralized security, Siebel’s CRM applica- 
tions. Also IBM's DB2-based Client Information 
Integration Solution to replace its proprietary 
customer file system. 


@ Number of applications benefiting from 
code reuse: Five 


@ Estimated cost savings: To be determined 
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MPLOYEES AT Post & Schell PC, a law 
firm in Philadelphia, need smart cards to 
ad ; do just about everything, from entering 
KS . company facilities and using elevators to 
ees , securing two-factor authentication so 

they can access IT applications. 

The firm recently started using smart 
cards as part of a move to bolster network and physi- 
cal defenses when it relocated to a new facility. 

“The big ROI we are providing our firm, our attor- 
neys and our clients is greater security,” says Lou 
Mazzio, Post & Schell’s chief technology officer. 

Like Mazzio, other users who have deployed smart 
cards say that the technology helps improve security, 
reduce password administration and support costs, 
and enable single sign-on to multiple applications 

But the upfront cost of a smart card infrastructure, 
as well as interoperability problems and the hassles 
involved in integrating the technology with existing 
infrastructures, has resulted in far slower deploy- 
ment of the technology in corporate America than 
many had once predicted. 

“The corporate market has been a tough nut to 
crack,” says Thierry Burgess, executive vice presi- 
dent of sales at Oberthur Card Systems USA, the 
U.S. arm of one of the largest smart card vendors in 
the world. 

Like public-key infrastructure (PKI), smart card 
technology is taking many years to gain widespread 
acceptance in private commercial enterprises, says 
Trent Henry, an analyst at Burton Group in Midvale, 


The “big RO!” that smart cards provide is greater security, says M COR siamese Utah. But expect to see greater adoption over the 


next few years, he adds. 

Smart cards allow companies to store passwords, 
personal identification numbers and other digital 
credentials that let users log onto corporate net- 
works or access facilities such as buildings and 
parking lots. 

In Post & Schell’s case, user authentication infor- 
mation is stored on smart cards for network access 
using RSA Security Inc.’s Smart Badging system. 
Bedford, Mass.-based RSA is also helping the firm 
embed user credential information on the same 
cards. That information is needed for physical access 
to Post & Schell facilities. 





More Features, More Savings 
The two-factor authentication enabled by such 
cards allows for better network and physical 
security, says Charles Fletcher, CIO and provost at 
Delaware State University in Dover. Smart cards can 
also help reduce some of the traditional costs asso- 
ciated with password resets and management be- 
cause the passwords are embedded directly on the 
cards, he says. 

Generally, the cost benefits increase as more ac- 
cess functions are integrated on a card, Fletcher says. 

Students and employees at the university have 
been using smart cards since last summer to log into 
Windows and Web-based applications, access dorm 
rooms and library facilities, and pay for meals in the 
cafeteria. In the future, the university plans to use 
the smart card infrastructure, which is based on 
HiPath SIcurity Card technology and the HiPath 


Cost and interoperability problems are slowing companies’ MetaDirectory software suite from Siemens AG in 


Munich, to enable access to e-commerce and pay- 


adoption of smart card technology. BY JAIKUMAR VIJAYAN =| ment applications, Fletcher says 
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Burton Group recently surveyed some of its clients 
that have deployed smart cards and compiled the 
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From a physical standpoint, the embedded read 
write intelligence in such cards allows access to be 
quickly granted, revoked or modified from a central 
location, says Neville Pattison, director of smart card 
technologies at Paris-based Axalto, which was re- 
cently spun off as an independent company from oil 
field services giant Schlumberger Ltd. 

Schlumberger is rolling out Axalto’s DexaBadge 
smart card technology to its 80,000 employees 
worldwide. The cards are being used to digitally en- 
crypt e-mail and sign electronic documents. Schlum- 


berger is also using the cards to enable log-in to Win- | 


dows applications and virtual private network ser- 
vices, Pattison says. 

“The smart card is the little agent of trust in the 
hands of an employee,” “On behalf of 
the issuer, it performs security-related operations 
and various other operations knowing the right card- 
holder is present.” 

However, several factors have contributed to the 
slow adoption of smart cards in corporations, Burton 
Group’s Henry says. 

Cost is a big one. The price tag for deploying the 
hardware, readers, middleware and software for a 
smart card system can be daunting. Midsize compa- 
nies can easily expect to spend $200,000 to $300,000 
to get started, and even pilots cost about $70,000, 
says Chris Meaney, director of secure networks at 
Siemens. On average, companies can expect to pay 
$20 to $30 per user, excluding the cost of the readers, 
card management and PKI software, according to 
Burton Group. 

As a result, smart cards are unlikely to make a 
whole lot of sense for companies with fewer than 
2,000 employees, Meaney says. 

Companies also need to have a PKI in place to use 
the encryption, electronic signing and nonrepudia- 
tion functions that are enabled by smart cards, says 
Henry. “There definitely is some serious cost-benefit 
analysis that needs to be done before companies 
start deploying smart cards,” he says. 

Technology interoperability is another big chal- 
lenge, says Mary Dixon, director of the U.S. Depart- 
ment of Defense’s Common Access Card program 
office, which is rolling out more than 4 million smart 
cards to Pentagon personnel (see box, right). 

Smart card infrastructures require a high degree of 


Pattison says. 
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interoperability and synchronization among the 
cards, readers, access-control panels and identity 
directories, and that interoperability is still not fully 
there, Dixon says. The cards themselves come with 
varying memory sizes, processing capacities, scala- 
bility, operational proximity ranges and application 
support. And applications that are enabled to work 
with one vendor’s smart card technologies may 

not always seamlessly work with another vendor’s 
products. 

Because of the size and scope of its project, the 
DOD decided to contract out its work to multiple 
technology vendors to minimize the risk of technolo- 
gy lock-in, Dixon says. But to ensure that smart 
cards, middleware and readers from multiple ven- 
dors integrated seamlessly, the DOD worked with 
the National Institute of Standards and Technology 
to develop an interoperability specification that par- 
ticipating vendors had to adhere to. 

However, because of integration issues, “if I was 
going to do a small implementation of a few thousand 
cards, I would be inclined to go with a single vendor’s 
card and use it as much as I could,” Dixon says. 


Integration Challenges 

Until recently, users have also needed to do consid- 
erable integration work to tie smart card manage- 
ment systems into PKI networks, says Oberthur 
Card’s Burgess. 

Companies also need to have a centralized directo- 
And they 
need to have a good process for communicating 
changes in the core human resources database, 
which is often the source of identity information, he 
says. That information is needed to provision, revoke 
or modify cards when employees are hired, move to 
new departments or leave the company. 


ry infrastructure in place, says Meaney. 
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The recent trend toward so-called smart tokens 
that can plug into standard Universal Serial Bus 
ports on computers could also divert attention away 
from traditional smart cards. Herndon, Va.-based Ex- 
ostar LLC, an online trading exchange created by 
Raytheon Co 
and Lockheed Martin Corp., is using smart tokens 
from Aladdin Knowledge Systems Ltd. in Chicago. 
The tokens allow Exostar to store digital certificates 


companies such as The Boeing Co., 


and automatically fill in log-on fields, passwords and 
Web site shortcuts, as well as encrypt and decrypt 
files and e-mails, without requiring 
a special card reader, says Jeff Nigriny, 
security officer. 

But there are some factors coming together that 
could finally begin to spur broader corporate 
tion, says Herb Mehlhorn, senior product manager 
for RSA’s smart card business. 


an investment in 


Exostar’s chief 


adop 


New-generation smart card technologies based on 
a set of Java standards promise more interoperability 
and functionality, Mehlhorn says. 

Massive smart card deployments by federal agen- 
cies such as the Defense Department and the Depart- 
ment of Transportation have begun pushing technol- 
ogy costs lower, he says. And companies are coming 
under increasing regulatory and legal pressure to 
demonstrate due diligence when it comes to user 
authentication. 

The embedded PKI certificate server support in 
Microsoft Corp.’s Windows Server 2003 could also 
begin to make it easier for users to snap smart cards 
into PKI networks, Henry says. 

I don’t think there’s anyone that refutes the 
hood that smart cards will be in every wallet 10 years 
from now,” says Pete Lindstrom, an analyst at Spire 
Security LLC in Malvern, Pa. 
that’s going to be interesting.” 


likeli- 


“Tt’s how we get there 


@ 44310 


LEADS THE WAY 


Card (CAC) program, through which smart cards will 
be issued to more than 4 miilion military personnel, 
civilan DOD employees and contractors, isthe lergest 
smart card project currently under way. - 

When july deployed next month, the 32B chip- 
based cards that incorporate Java technology will 
serve as military ID cards and provide access to physi- 


Mary Dixon, director of the CAC program program: 
Caen eae. 


‘the use of digital signatures for electronic documents, 
Dixon says. 
So far, about 3.5 million cards have been deployed 


at arate of more than 10,900 cards a day from 900 


centers worldwide. Dixon says. 
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RUSHING 
TOWARD 


From 1995 through 2002, | 
Christopher Meyer was di- | 
rector of the Center for | 
Business Innovation, a | 
think tank withinCap | 
Gemini Ernst & Young. 
While there, he founded 
Bios Group Inc., a Santa 
Fe, N.M.-based venture 
that invests in business 
applications of complexity theory. | 
In 2002, he founded Nerve in Lexing-_ | 
where he’s now applying 
adaptive systems theory to understand 
how businesses can evolve a 
ly in response to economic volatility. 
He’s also researching the coming “mole- | 
cular economy,” to be driven by 
the rapidly developing fields of 
nanotechnology, biotechnology 


ton, Mass., 


utonomous- 


and materials science. 

With Stan Davis, he has co- 
authored three books, most re- 
cently It’s Alive (Crown Business, 2003). 
Computerworld’s Gary H. Anthes re- 
cently asked Meyer about some of the 
concepts in the book, which looks 10 
years into the future. 


What does the maturing of IT plus the rise of 
the so-called adaptive enterprise imply for IT 
people? Aim as high in the value chain 

as you can. If IT is what you love, look 

at the world of autonomous agents, of | 
pattern recognition, of globally distrib- | 
uted decision systems, where the next | 
killer apps can come from. The eco- 
nomic value of the day-to-day IT jobs | 
is going to decline and perhaps go 
overseas. 


You cite companies such as John Deere, IBM | 


FUTURE 
WATCH What about agent-based simula- 


and General Electric as using genetic algo- 
rithms (GA), in which rules in software 
evolve spontaneously, breeding better and 
better solutions. How important is that con- 
cept? It’s the leading end of a wedge. 
GAs are one of a number of techniques 
under the category of nondeterminis- 
tic programming, where the objective 
is not to create code that never has a 
bug and gives you the same answer 
every time, but to solve problems that, 
in some cases, may be impossible for 
us to understand because they are non- 
linear and nondeterministic. 

In some cases, if you run it twice, 
you won’t get the same answer, but you 
might get equally good answers. The 
application of GAs is a pretty 
scarce skill. 


tions, another nondeterministic 

computing technique that your 
book says is used by Southwest Airlines, the 
U.S. Marines, Walt Disney and a few other 
organizations? It’s so far used by a hand- 
ful of people in very customized ways. 
It will have a profound impact on the 
social sciences. It’s the right way to 
model systems of people, of consumer 
behavior, for example. The technique 
is pioneering today, but it’s good 
enough that it’s worth investigating, 
because it’s a small expenditure for 
something that may yield new insights. 


Will we see these techniques appear in com- 
mercial supply chain packages? Yes, I 
know that [i2 Technologies and SAP] 
have been working on some of these 
ideas. One of the major competitive 
battle fronts will be making these 





packages more adaptive to real-time 
operations conditions. 

In supply chains, things take a num- 
ber of days to move from one place to 
another, but during that time, it may be 
that the highest and best use of some- 
thing has changed, and so its destina- 
tion should change. So, how do you 
build into your management of re- 
sources this real-time, sense-and-re- 
spond capability? It’s real-time supply 
chain optimization, as opposed to opti- 
mization within a previously fixed set 
of rules. 


You mention real-time pricing as one specific | 


application of these nondeterministic tech- 
niques. Yes, the ability to say, for exam- 
ple, “This car ought to be priced over 
sticker and this model ought to be 
deeply discounted based on what’s on 
the lot” is an example of a capability 
that’s going to go into the big packages. 
In order to support that kind of thing, 
IT people will have to look at informa- 
tion as a data stream about the world, 
not just as transactions. 


You say that much of this data stream will 
come from sensors, which will become 
cheap and ubiquitous as a result of the revo- 
lution in molecular sciences. That means 
there’s going to be a lot of data avail- 
able that didn’t used to be. So an IT 
group that’s really trying to help will 
go to its management and say, “What 
information could you use to create 
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value?” and, “We'll think about how to 
get that information in real time.” Cus- 
tomer behavior is a key one. 


What challenges does this pose for IT? If 
you take [the principles of] sense and 
respond, and learn and adapt seriously, 
you're going to have to use technolo- 
gies that handle vast data streams. For 
many organizations, that will be a new 
challenge. 


You say companies and their IT shops should 
“operate at the edge of chaos.” How can that 
be a good thing? If you believe competi- 
tive advantage lies in the ability to 
sense change in the environment and 
respond to it faster than anyone else, 
and thereby keep your opponents off 
balance even though you feel off bal- 
ance because you are operating as fast 
as you can, then IT can create compet- 
itive advantage by being able to go 
through the orient-observe-decide-act 
cycle faster. 


Might such rapid change jeopardize IT’s core 
mission? The IT group can’t view its 
mission as tending to the existing IT 
infrastructure anymore, keeping it at 
99.99% available and all that. Out- 
source the commoditized IT stuff, and 
be in the business of having the fastest 
change capability in the industry. The 
stuff that stays in-house will be some- 
what chaotic, and it should be. 


@ 44273 


According to Meyer's It’s Alive, economies follow predictable evolutions through four stages. The 
U.S. IT economy is nearing the end of its rapid-growth phase and will, over the next 10 years, be 
eclipsed by rapid advances in nanotechnology and biotechnology. Advanced applications of IT 

will center on the “adaptive enterprise,” with companies evolving in ways that resemble biological 
systems. IT itself must become similarly adaptive and will do so by employing nascent technologies 
- such as genetic programming and simulation based on autonomous agents - inspired by biology. 


Stage 4 
Organization 
(Decline) 


Business 
(Maturity) 


Stage 2 
Technology 


The adaptive 
enterprise 


Ue 


New media, 
IT services, 
portals 


Chips, operating 
systems, World 
Wide Web 


Solid-state physics, 
information theory 
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Postmerger Audit 
Quashes Trustidea 


The barriers stay up when a security audit 
reveals inadequate protections within anewly 
acquired start-up. By Mathias Thurman 


URING the past few 

weeks, almost all of 

my time has been de- 

voted to creating secu- 
rity standards in order to com- 
ply with the requirements of 
the Sarbanes-Oxley Act. That 
changed this week after a sud- 
den acquisition led to a fran- 
tic, last-minute security audit. 

Prior to this interruption, I 

had made quite a bit of 
progress. My stan- 
dards document is 
now up to about 70 
pages. I’ve tried to 
keep it short and 


to do that and be com- 
prehensive. The hard- 
est aspect of creating robust 
security standards is ensuring 
that they’re meaningful. Sure, 
I can do research and create a 
document. But the resulting 
policy may not be applicable 
to my company’s way of doing 
business or to the way it de- 
ploys a particular technology. 

To ensure that my standards 
are relevant, I'll have to meet 
with each group to which each 
standard applies, review what 
the group is doing and com- 
pare that with my best prac- 
tices. Then I'll have to change 
my standards to balance the 
company’s security needs with 
what each department is do- 
ing. If I create a standard that 
forces a group to change how 
it conducts business, users 
simply won’t comply. 

But all this went on the back 


burner today when my compa- | 


ny announced the acquisition. 
The IT security group was 
given just three days to com- 


plete a merger-and-acquisition 


due-diligence report — far 
short of the two to three 
weeks we usually have to 


SECURITY 
MANAGER'S 
sweet, but it’s difficult JOURNAL & a 


| complete such an assessment. 
| Luckily, the company we're ac- 
| quiring has fewer than 40 em- 
| ployees and only one office. 
When we acquire a compa- 
| ny, we need to understand the 
security controls around what 
| we’re acquiring, whether it’s 
people, a product or a customer 
| base. We can’t just assume that 
the company is doing business 
in a secure manner — espe- 
cially since this one 
is a start-up. We also 
need to identify se- 
curity issues quickly. 
I was once in a sit- 
uation where an em- 
ployee of an ac- 
quired company, 
fearing a layoff, copied the en- 


| tire customer database, com- 


pressed it and stored it ona 
Universal Serial Bus flash 

| memory disk. Fortunately, he 
then forgot the disk in a con- 

| ference room. We discovered 
the data only when someone 

| decided to plug the device 

| into his USB port to figure out 

| who owned it. The staffer, 

| who ironically hadn’t been 

| targeted for a layoff, was let 

| go after we found him roam- 
ing the halls asking if anyone 


The IT security group 
was given just three 
days to complete a 

merger-and-acquisi- 
tion due-diligence 

| report - far short of 

| the two to three weeks 

| we usually have. 





had seen his USB disk. 
For this acquisition, we’re 
interested in the company’s 
software. In this case, the 


| critical intellectual property 


is source code located on a 
server cluster. 


Building Trust 
Since I had just a few days to 
complete my assessment, I de- 


| cided to focus on the most 


critical areas. I wanted to en- 
sure that once we had estab- 


| lished a trust relationship be- 


tween our company’s servers 


| and theirs, we wouldn’t be in- 


troducing any vulnerabilities 
into our environment. We 
planned to link the two com- 
pany domains so that new em- 
ployees could access our hu- 
man resources, payroll, e-mail, 
shared drives and other in- 


tranet resources. Usually, if 


my group can identify threats 


| or other security issues, we 
| can mitigate those prior to set- | 


ting up that trust. 

I began by requesting a net- 
work diagram so I could under- 
stand the network topology. 
The other company has a so- 


| called DMZ, or demilitarized 

| zone, in which its e-mail gate- 
| way, domain name server, Web | 
| server and file transfer protocol 
| server sit. 


The back-end tier 
includes the corporate LAN, 
engineering lab, and financial 
and human resources systems. 
It also has a few firewalls, a vir- 


| tual private network gateway, 


routers, switches, and Solaris, 

Linux and Windows servers. 
I then turned my attention 

to the router configurations, 


| firewall rules database and 
VPN gateway configuration. I 
| needed to know how data 


flowed from one network to 


| another, any external connec- 
| tions with other third-party 


entities and who was access- 
ing the network remotely. I 
created a spreadsheet in 
which I annotated all of the 











| trust relationships and net- 


work flows. Since I had little 
time to complete my review, I 
focused on the DMZ and a 
sampling of the corporate net- 
work configurations. 

To supplement my map, I 
ran a discovery of the network 
using Nmap (www.insecure. 


| org), a freely available port 
| scanner. Nmap does a good 


job of enumerating hosts and 
identifying the operating sys- 
tem. I also ran Nessus (www. 


| nessus.org), another free appli- 


cation, to assess vulnerability. 
Meanwhile, I toured the fa- 

cility, asked plenty of ques- 

tions and noted any unlocked 


| doors, faulty alarm systems, 


lack of access control and so 


| on. Then I then sat down with 


the primary network and 
systems engineer and went 
through a comprehensive 
questionnaire. This document, 
assembled over the past few 
years, covers areas such as the 


| policies and procedures used 


in conducting business. 

The end result was fairly 
dismal. That’s understandable 
— many start-ups focus on 
their products and lack the re- 
sources to properly secure 
their IT infrastructures. As a 
result of my preliminary re- 
view, we've already decided to 
forget about establishing a 
trust between organizations. 
We'll shut down all external 


| access to the company’s net- 


work for now and just create a 
point-to-point VPN tunnel be- 
tween the companies. This 
should get us by for the next 
two weeks. After that, we'll 
move everyone into our cor- 


| porate campus. 


Although we'll keep the ac- 
quired company’s staff and 
source code, we'll abandon or 
recycle virtually all of its net- 
work equipment and other 
hardware. After I finish my re- 
port, it’s back to the Sarbanes- 


| Oxley grind. D 


WHAT DO YOU THINK? 


This week's journal is written by a real securi- 
tymaragei, “Mathias Thurman,” whose 


| name and employer have been disguised for 


obvious reasons. Contact him at mathias_ 
thurman@yahoo.com, or join the discussion 
in our forum. QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 
@ computerworld.com/secjournal 





SECURITY LOG 


Security Bookshelf 
Designing Network Security, 
Second Edition, by _ 
Merike Kaeo;Cisco 
Press, 2003. 

Security profession- 

als responsible for 

issuing recommen- 

dations during a net- 

work design or for 

conducting a security audit on 
an existing network will bene- 
fit from this comprehensive 
600-page tome. | found the in- 
formation presented particu- 
larly useful during a recent 
router audit. 

For example, Kaeo offers 
many sample configurations 
that include appropriate com- 
ments to help readers under- 
stand why a particular config- 
uration statement is needed. 
He also does a good job cover- 
ing current threats, incident 
response and policy issues. 

There’s one potential draw- 
back, however: This book 
focuses primarily on Cisco 
gear, so users of other equip- 
ment brands may want to look 
elsewhere. 

- Mathias Thurman 


All-in-One Security 
Appliance Debuts 


WatchGuard Technologies 
Inc. in Seattle has launched 
Firebox X, a line of expandable 
multifunction security appli- 
ances based on Intel technol- 
ogy that combines firewall, 
VPN, application-layer securi- 
ty, intrusior 1 prevention, au- 
thentication, and spam and 
Web filtering in a single 1U en- 
closure. (1U equals 1.75 in. 
high.) 

The appliance can be ex- 
panded based on the number 
of users as well as by function 
by purchasing a software key 
to turn on functions prebuilt 
into the box. WatchGuard says 
it plans to add support for Se- 
cure Sockets Layer accelera- 
tion, Web services security 
and a Web-based user inter- 
face in a future release. The 
Firebox X comes in four con- 
figurations and is available 
now. Pricing ranges from 
$1,990 to $4,990. 
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Fujitsu Releases 
New Blade Server 


Fujitsu Computer Systems Corp. 
has released the Primergy BX300 
blade server. Featuring Intel Pen- 
tium M 1.6-GHz processors and 
up to 4GB of ECC-protected dou- 
ble data rate synchronous dynam- 
ic RAM, the BX300 uses a 3U- 
high (1U is 1.75 in.), 19-in. rack 
that can hold 20 server blades, 
said Sunnyvale, Calif.-based Fuji- 
tsu. The BX300, which supports 
Linux or Windows Server 2003, 
starts at $6,500. 


Tripwire Net Config 
Manager Upgraded 


Tripwire Inc. has announced Trip- 
wire for Network Devices 3.0, 
network configuration manage- 
ment software that’s designed to 
manage, monitor and report 
changes to network devices. It 
can handle 100,000 devices and 
is capable of identifying devices 
with configurations different from 
established policies, according to 
Portland, Ore.-based Tripwire. 
Pricing for 100 nodes is $19,900. 


Emulex Announces 
Fibre Channel HBA 


Emulex Corp. this week an- 
nounced the Emulex LightPulse 
LP101 HBA. The Costa Mesa, 
Calif.-based vendor said the 
LP101 delivers Fibre Channel 
connectivity at about half the list 
price of existing Fibre Channel 
host bus adapters. 


SMC Launches 
WLAN Antenna 


SMC Networks Inc. last week in- 
troduced an antenna designed to 
extend the range of corporate 
wireless LANs operating in the 
2.4-GHz band. The SMCANT- 
DIFP11 high-gain antenna can be 
hooked up to any 802.1ib WLAN 
access point or router and ex- 
tends the range in point-to-point 
operation by as much as nine 
miles, according to Irvine, Calif.- 
based SMC. It will be available in 
March for $69.99. 
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Sun Refuses to 
Be Eclipsed 


CLIPSE is an enormously popular Java-based 

integrated development environment (IDE). 

IBM started work on Eclipse software in 

1999, and Eclipse 1.0 premiered in October 

2001. It soon developed a life of its own as a 
project driven by the open-source community. 


Last week an IBM-led 
consortium officially spun 
off Eclipse as an indepen- 
dently controlled open- 
source project to be man- 
aged by the nonprofit 
Eclipse Foundation. This 
move prompted Sun to 
publish an open letter to 
the Eclipse membership 
(see www.newsforge.com 
programming/04/01/30/ 
1746245.shtml for a pub- 
lished version). 

One cannot read the 
open letter without sens- 
ing Sun’s frustration with the way 
Eclipse has contributed to the success | 
of Java while simultaneously subvert- 
ing some of Java’s platform neutrality. | 
Sun dances around the issue, claiming 
that the “ 
sion about Sun adopting Eclipse as a 


sticking points” in the discus- | 


standard development platform were 
“not so much technical in nature as 
they were business-related.” 

The company then claims that 
transitioning to the Eclipse platform 
would “inhibit development of innov- 
ative technologies” and “require a 
reconstruction of all of our existing 
tools.” 


| 
Sun currently bases all of its tools on | 
the NetBeans IDE. Like Eclipse, Net- 
Beans is open-source and more or less 
community-driven. Eclipse has a larg- 
er and more active community than 
NetBeans, and that isn’t likely to 
change anytime soon. 


NICHOLAS PETRELEY is 
a consultant and author 
in Kansas City, Mo.. 
and:tounding editor of 
VarLinux.org. He can 
be reached at 
nicholas@petreley.com. 


All things being equal, 
it would therefore seem 
worthwhile for Sun to re- 
construct all of its tools 
to adopt Eclipse as its 
foundation. All things are 
not equal, however. Net- 


Beans is built around Sun’s | 


graphical interface tool kit 
Swing. Eclipse, on the oth- 
er hand, uses the Standard 
Widget Toolkit (SWT) for 


Here is the subtle but 
important difference be- 
tween Swing and SWT. 
Swing is designed to give Java applica- 
tions a unique look and feel that’s the 
same across all the platforms where 
Java is supported. Swing achieves this 


| goal at the cost of performance and, in 


the eyes of some developers and users 


| (myself included), aesthetic appeal. 


SWT is, in a sense, an anti-Swing. 
SWT is designed to give Java applica- 


| tions the native look and feel of non- 


Java applications on any given plat- 
form. SWT does not go so far as to de- 
rail the platform neutrality of Java, 


however. SWT exploits the speed and 
| usability of each native interface while 


insulating programmers from the dif- 
ferences between platforms. 
Obviously, this goal is not easily at- 


| tained, as is evidenced by the fact that 
| you can’t even print files from SWT 
| applications that use the GTK (Gimp 


Toolkit) graphical interface. 
SWT had a crucial role in the suc- 


its graphical user interface. 


| components into SWT. 





cess of Eclipse because its speed and 
native look and feel made Eclipse 
more attractive than Swing-based 
development tools. The problem for 
Sun is that SWT didn’t buy into the 


philosophy that Java is the platform, 
and that the underlying operating sys- 
| tem should be totally irrelevant. Yet 


Sun is hard pressed to complain be- 
cause Eclipse has contributed greatly 
to the success of Java. 

There are many reasons why | 
would use Eclipse over NetBeans, 
but SWT is the least of them. Given 
the speed and low cost of today’s 
PCs, I find the performance advan- 
tage of SWT over Swing to be barely 
perceptible. One could argue that 


| SWT applications are prettier than 


Swing applications, but as time pass- 
es, SWT seems more like a divisive 


| duplication of effort running out of 
| problems to solve. 


SWT has a strong following, though, 


| and that’s likely to keep it alive long 
| after it has outlived its original pur- 
| pose. Can SWT co-exist with Swing in 


the long haul? Sun is attempting to 
bridge the two graphical tool kits by 
making it possible to embed Swing 
That’s likely 
elicit no more than a yawn from the 
Eclipse community. Even if Sun can 
come up with a component that is 


| compelling enough to make Eclipse 


users want to adopt it, Eclipse fans are 

more likely to reproduce the compo- 

nent in SWT than use a Swing version. 
The Pollyanna view of the SW'T; 


| Swing debate would be that having a 


choice is always a good thing. I agree, 
as long as the choice of SWT doesn’t 
have a negative impact on the platform 
neutre ality of Java. @ 44494 


| WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 





MODERATOR 
Dr. Jim Metzler 


FAST, FOCUSED, EFFECTIVE 


breakthroughs in caching and 
compression that free up WAN capacity 
the latest in bandwidth optimization 
and usage 


current business benchmarks of 
network management 


web services that offer tighter 
management control 


strategies that integrate and support 
remote users 


WHO WILL BE THERE? 


> Dr. Jim Metzler, President, Ashton 
Metzler and Associates 


> Sandra Gittlen, Events Editor for 
Network World 
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YOU’VE BEEN WAITING 
FOR THE NEXT GENERATION OF NETWORKING 
AND ALL THIS TIME, IT’S BEEN RIGHT THERE WAITING FOR YOU 


Within your notebooks, PDAs and networking gear are chips that enable you to more securely unleash the full power of high-speed 
wireless networking. When Dell,” HP,” palmOne” and Sony Ericsson” are looking for best performance, they turn to Broadcom.® In fact, 


our 54g™ wireless LAN chips are available in over 95% of major notebook brands offered with 802.11g.' And with Broadcom you can 


expect interoperability among 802.11a/b/g networks and powerful security for your wireless LAN, with CCX, WPA, and AES technologies 


built in. Whether you’re on a wireless PAN, LAN or WAN, Broadcom solutions ensure the devices you use today—and those you add 


tomorrow —will connect reliably, seamlessly and securely. 


Find out how to build upon the Broadcom” chips inside 
your devices to create a secure high-performance 
wireless network. Download our new white paper 
‘Practical Strategies for Deploying Wi-Fi” Clients” now at 
www.gobroadcom.com/wireless 





CAREERS 

Getting the Right Fit 

ClOs need to fully investigate 
the company’s culture, politics 
and executives before agreeing to 
take a new job, advises former 
CIO Doug Lewis. Page 44 


COSTLY 


UFDHMSES 


Outsourcing may save less money than you think. The 
hidden expenses include vendor evaluation, extra securi- 
ty, airline tickets and severance pay. 


MANAGEMENT 


Q&A 
Measuring Intangible Assets 


Putting a value on a company’s intangible assets 
— including IT — is nigh impossible. But the 
creators of the balanced scorecard methodol 
ogy say measuring intangibles’ alignment with 
value-creating strategies is a good start. Page 42 


HEADLINE MAY SAY that a 
company signed a $320 mil- 
lion IT outsourcing contract, 
but the actual costs will likely 
be much higher. Behind the scenes, the 
client spends big bucks on evaluating 
vendors, managing the contract, en- 
hancing security, traveling to offshore 
sites and potentially paying severance 
packages for laid-off employees. 

And that’s only part of what can in- 
flate the dollar figure quoted in a basic 
contract. 

“Things change over time, and that 
inevitably leads to some form of cost 
shifting,” says John Hill, CIO at Praxair 
Inc., a Danbury, Conn.-based manufac- 
turer of gases. He suggests that con- 
tracts be designed to accommodate 
some flexibility, such as changes in la- 
bor er computer and network hardware. 

Other IT managers and outsourcing 
consultants point out that unexpected 
costs can arise during any phase of the 
project. Anyone considering outsourc- 
ing should take a close look at these po- 
tential costs or risk miscalculating the 
true benefits of outsourcing. 


Vendor Selection 


Many organizations overlook the costs 
associated with evaluating and selecting 
a contractor. The process typically can 
drag on for many months, depending on 
the project’s complexity, and requires 


OPINION 
The Case of the Missing Metrics 


When dealing with outsourcing con- 
tractors, “If you don’t use the metrics 
you designed and negotiated, you'll get 
the performance you deserve,” says 


Bart Perkins. Page 46 


time commitments from senior execu 
tives in IT, human resources, finance 
legal and other departments. 

“It’s a very complex [market] 
many service providers 
changing terms and condi 
Shawn McCray, a partner 
outsourcing advisory firm in 
Woodlands, Texas. 

If the potential contractors are 
ed offshore, organizations could incur 
extensive travel expenses for visits to 
evaluate services. “A lot of times, off- 
shore service providers have very good 
sales and marketing abilities, but com- 
panies need to [scrutinize potential con- 
tractors] to see what their real capabili 
ties are,” McCray says. 

In some cases, organizations will 
need to buy studies from independent 
research firms — at a cost of thousands 
of dollars — to evaluate outsourcing 
vendors, says Atul Vashistha, CEO of 
NeolT.com Inc., an offshore outsourc- 
ing advisory firm in San Ramon, Calif. 

IT and business leaders who haven't 
clearly defined the goals for the out- 
sourcing project or communicated them 
to the managers negotiating the deal 
also slow down vendor selection and 
the contract-signing process. “The peo- 
ple negotiating the contract could be fo- 
cusing on the wrong things,” which will 
result in delays in getting the contract 
ironed out, McCray says. 
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All told, choosing the right vendor 
and writing the contract costs about 
3% of the total outsourcing cost, ac- 
cording to a 2001 study of 50 IT out- 
sourcing deals by French academic 


Jerome Barthelemy. 


Transition Period 

Unexpected costs can crop up during 
the early stages of the outsourcing re- 
lationship, when knowledge is trans- 
ferred from people on staff to mem- 
bers of the outsourcing team. If the 
contractor is located offshore, that can 
mean extensive travel expenses and 
cultural or language training for em- 
ployees who visit the contractor’s site, 
possibly for months. 

If the client and outsourcing vendor 
need to transfer data between their 
systems, that might require the deploy- 
ment of additional network bandwidth 
and security technologies, says Mc- 
Cray. Companies using an offshore 
outsourcing service will also need to 
be aware of the communications and 
data encryption regulations and re- 
quirements in different countries in or- 
der to make the necessary network up- 
grades to comply with them. For exam- 
ple, compliance with U.S. regulations 
such as the Sarbanes-Oxley Act and 
the Health Insurance Portability and 
Accountability Act could lead to addi- 
tional IT costs for some financial ser- 
vices and health care companies. 

Organizations that are replacing em- 
ployees with outsourced staffs through 
layoffs or attrition could face human 
resources costs for severance pay and 
employee benefits. Depending on how 
many people are involved, these ex- 
penses can run into hundreds of thou- 
sands of dollars. Vashistha notes that 
there may also be costs resulting from 
decreased productivity of workers who 
are slated to lose their jobs. 

Some companies might have to pay 
retention bonuses to managers and 
staffers they want to keep on board 
during the transition and beyond, 
Vashistha says. “If the people you want 


10] leave, you're in trouble, 


to [retain 
he says, because the contractor often 
depends on the knowledge and experi- 
ence of these people. “Companies have 
to use good HR practices to keep the 
people they need.’ 

If the outsourcing arrangement in- 
volves moving U.S.-based people to 
overseas locations, Vashistha says, 
those costs could amount to $400,000 
to $600,000 each year per employee, 
including travel, family relocation, tax- 
es, training and other expenses. 

For outsourcing projects that involve 
the transfer of IT and communications 


assets to the contractor, organizations 
could encounter unexpected costs if 
they haven’t done a thorough, up-to- 
date accounting of assets. Textron 
Financial Corp. in Providence, R.L., 
learned this when it outsourced all of 

its telecommunications and data net- 
working operations to AT&T Solutions | 
in 1996. CIO David Raspallo says Tex- | 
tron underestimated the value of the 
assets, including servers and desktops, 
that it transferred to AT&T as part of 

its contract. The fact was discovered 
when the outsourcer did an audit, and | 
Textron incurred unexpected account- 
ing costs to fix the inconsistencies. 

“If you don’t have an asset manage- 
ment system that gives you an accurate 
and up-to-date accounting of all the as- | 
sets in the organization, that’s where 
the major surprise comes,” Raspallo 
says. “You could have some serious 
miscounts.” 


Managing the Contract 
After the contract is signed and the 
work begins, companies can expect to 
spend an average of $300,000 per year 
managing the IT outsourcing contrac- 
tor, according to Barthelemy’s study. 
“People often underestimate the 
amount of effort and energy and the 
resources it takes to manage the rela- 
tionship properly,” including the trans- 
fer of in-house and outsourcing staffs, 
says Praxair’s Hill. His company’s 
South American facilities outsource 
some computer operations, and its U.S. 
sites outsource functions such as desk- 


top support. 

“There can be significant overhead 
costs in just managing the financial 
terms on an ongoing basis,” Hill says. 
“Tf it’s an offshore contract, there can 
be substantially more overhead just 
handling the coordination of work 


MANAGEMENT 


Tips for Cc 
Outsourcing Costs 
Assess the organization’s goals 
PUM nee CMe Cl¢] 
to outsourcing, to avoid wasting 
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Consider all aspects of using an 
offshore outsourcing partner, includ- 
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regulations and security. 


Prepare for the human resources 
Pct BUF Lame OMe aT) mel) oe 
Flite cM ey VAM clit) CMM eRe) Mtl geye Ue tam 
Cy Mem AL) cece Lem tli) Uecc Bc 
cause of the outsourcing deal. 
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tionship to gain the maximum bene- 
fits possible. Create a team of expe- 
rienced project managers to oversee 
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transfer between the offshore site and 
onshore analysts. I think that’s often 
underestimated.” 

Another extra cost that may come 
up during the management phase is 
the hiring of an experienced contract 
manager. Companies may come to 
realize that no one on staff is capable 
of managing a complex project — or 
can devote sufficient time to it — and 
may instead turn to an outside expert 
for help. 

Organizations that don’t continuous- 
ly manage and evaluate the contractor 
relationship could end up with addi- 
tional costs or loss of benefits because 
they’re not getting what they paid for. 
This is especially true for companies 
that have hired multiple outsourcing 
vendors for different functions. 

McCray says it’s wise to create an 


OUTSOURCING TRANSFER COSTS 


Transition costs can add up to 5% to 15% of the annual base cost of the contract. 
Here’s an example of an outsourced data center (mainframe, Unix and NT), for 
which the total deal size is $25 million over five years, equaling $5 million per year. 


is 


Process (knowledge transfer) 
People (employee severance plans) 


Technology #® Software license transfers 
& Moving acquired hardware 
® Parallel processing for critical apps 
® New network connections 


Subtotal 
Other contingencies (10%) 
TOTAL 


ESTIMATED COST 
$50,000 
$100,000 
$100,000 
$150,000 
$50,000 
$50,000 
$500,000 
$50,000 
$550,000 
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outsourcing management organization 
that oversees long-term service con- 
tracts and understands the objectives 
of each partnership. TPI recently 
helped a client with multiple outsourc- 
ing relationships save $200 million 
over the course of the contracts by de- 
veloping such an organization. 

“You can’t abdicate management to 
the service provider, or you will pay 
the consequences,” McCray says. 

Nielsen Media Research Inc., which 
in 1995 began outsourcing select appli- 
cation development work to Cognizant 
Technology Solutions Corp., an out- 
sourcer in India, created a U.S.-based 
employee “anchor team” responsible 
for project control and quality assur- 
ance. Nielsen has created similar 
teams for other outsourcing projects 
that typically include three or four 
Nielsen employees who devote all or 
most of their time to managing the 
outsourcing work, says Kim Ross, CIO 
at the New York-based company. 

In addition, for each outsourced 
project, Nielsen relies on about three 
people from the outsourcing company 
to serve as U.S.-based liaisons and as- 
sist in project management. “This liai- 
son team is more expensive per hour 
but is warranted to avoid extra time 
and effort losses due to project control 
and business knowledge issues,” Ross 
says. In order to keep costs contained, 
it’s important to have the correct num- 
ber of people helping with contract 
management, he adds. Too many 
means higher-than-necessary fees; too 
few invites the risk of project failures. 

With a strong U.S.-based anchor 
team and liaison group working with 
the offshore outsourcing staff, Ross 
says, “the quality and delivery time 
can match nonoutsourced develop- 
ment projects, so there is no hidden 
cost due to poor project quality or 
[late] delivery.” 

Unexpected costs are sure to arise in 
any outsourcing endeavor. But with 
thorough planning and close alignment 
between the outsourcing project and 
overall business goals, companies can 
minimize those costs. 

“You need to think through the sce- 
narios and the what-ifs long term as 
well as short term” to anticipate what 
costs might emerge and ensure that 
the outsourcing provider is delivering 
the expected services, says Hill. “At the 
end of the day, an outsourcing relation- 
ship is a task-based performance con- 
tract, not a partnership.” @ 44271 


Violino is a freelance writer in Massape- 
qua Park, N.Y. He can be reached at 
bviolino@optonline.net. 





1. Instantly admitting patient. 
2. Immediately processing claim. 


3. Automatically approving procedure. 


4. Constantly tracking treatment. 


5. Directly assessing costs. 
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How valuable 
are a company’s 
IT systems, 
employee skills, 
culture? For 
many, they are 
worth far more 
than the physi- 
cal and finan- 
cial assets that 
can be tallied on a balance 
sheet. Measuring the value of 
intangible assets has been the 
Holy Grail of accounting, but in 
February’s Harvard Business 
Review, Robert S. Kaplan and 
David P. Norton, who created 
the balanced scorecard, pro- 
pose a new approach. “You 
cannot ‘value’ intangible as- 
sets,” says Kaplan, “but you 
can certainly measure them 
and their alignment with value- 
creating strategies.” 

Kaplan, the Marvin Bower 
Professor of Leadership Devel- 
opment at Harvard Business 
School, showed Kathleen Mely- 
muka how the balanced score- 
card — a methodology used to 
analyze business performance 
from four perspectives: finan- 
cial, customer, business process, 
and learning and growth — 
can help you measure those 
intangibles. 


You point out that one of the prob- 
lems in attempting to value intangi- 
bles is that their worth differs for 
different people. Can you explain? 
With tangible assets like 
buildings or machines, the val- 
ue is relatively similar for dif- 
ferent kinds of users. If I can’t 
get the maximum use out of 
those assets, I can sell them to 
someone else who can. Their 
value is somewhat indepen- 
dent of use. 





Intangible assets don’t cre- 
ate value by themselves, so 
they’re not easily tradable or 


| salable to others. Their value 


comes only in the context of 


| the organization and has to be 


linked to organizational strate- 
gy and to all the other intangi- 
ble and tangible assets the or- 


| ganization has. 


| You note that intangible assets sel- 


dom affect financial performance 


directly. How do they affect it? 
| You can’t link investments in 


intangible assets directly to a 
financial return on invest- 
ment. Improvements in peo- 
ple, systems or reward sys- 
tems of the organization work 
by improving processes, 
which in turn create more val- 
ue for customers, and that fi- 
nally results in higher rev- 


enues and margins. 


You have to work through 
this indirect chain with a 
valid strategy before you can 
realize improved financial 
performance from your IT 
investment. 


You suggest that a useful way 
of measuring the value of intangi- 
ble assets is to estimate how 


| Closely aligned those assets are 


with the company’s strategy. 
Can you explain? If you're fol- 
lowing a low-cost strategy, 
you want people trained in 


| quality and process improve- 


ment so they can reduce the 


| cost of processes and prod- 
ucts. You want IT applications | 


that promote continuous im- 
provement and quality im- 
provement, incentives that 
reward people for lowering 
costs and improving quality, 


| and a culture of continuous 


improvement. Then you have 
intangible assets aligned to a 
low-cost strategy. 

If you have a product-inno- 


| vation strategy, you want peo- 


ple trained in the science and 


| technology of the underlying 


| 
| 


product. You want informa- 
tion systems such as three- 

dimensional simulation and 
virtual prototyping. And you 


| want a culture and reward sys- 
tem aligned around innovation 
| and creativity. 


| You call that alignment of assets 
| and strategy “strategic readi- 


ness.” How is strategic readiness 


| related to the concept of liquidity 








in accounting? Accountants or- 
ganize balance sheets around 


| a hierarchy that puts cash, ac- 


counts receivable, inventory at 
the top, followed by longer- 
term assets like property, 
plants and equipment. 

The hierarchy is based on 
liquidity: how quickly these 


| assets can be converted to 
| cash. Intangible assets can 


also use this measure. If you 
have a very well-trained work- 
force with all the IT applica- 
tions and infrastructure they 
need, you can deliver value on 


| strategy very quickly. You 


have a high degree of strategic 
readiness. 

If you move to a new strate 
gy, and employees have to be 
retrained and reskilled and 
you need a new set of IT ap- 
plications, there’s a low de- 


| gree of strategic readiness. 


FOCUSING ON STRATEGIC READINESS 


Looking at intangible assets through the prism of 
company strategy reveals clear areas of focus for improving 
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Anew approach looks for value through the prism of company strategy. 





It will be a long time before 
intangible assets are fully 
capable of delivering value. 
So it’s a measure of how 
quickly people, systems and 
culture can create value with 
a strategy. 


| You focus on three types of intangi- 
| ble assets: human capital, informa- 
| tion capital and organization capi- 

| tal. When you look at the strategic 

| readiness of information capital, 


what are you trying to measure? 
In the internal perspective of a 


| balanced scorecard, an organi- 


zation identifies the five to 
12 critical processes that are 
most important to deliver the 
customer value proposition 
and determine the success of 
a strategy. 

For a company that is fol- 
lowing a complete-customer- 
solution strategy, does it have 
the information systems to 
understand the customer, in- 
cluding data mining capabili- 
ties and tracking of all the 
relationships it has with the 
customer? 

Fifteen years ago, when 
Procter & Gamble started to 
work with Wal-Mart inten- 
sively, it didn’t have customer- 
focused systems. Each brand 
knew Wal-Mart as a customer, 
but it was coded differently in 
each factory. Procter & Gam- 
ble couldn’t even add up all 
its sales with Wal-Mart. How 
can you have a customer- 
focused strategy without an 
integrated system? 

If you’re going to have a 
customer-focused strategy, 
you're going to need IT sys- 
tems that are very customer- 
focused. If you're following a 
low-cost strategy, you need 
IT systems that support cost 
reduction and process im- 


provement. Strategic readi- 


ness measures the alignment 


| of IT resources and capabili- 
| ties with the organization's 


| strategy. @ 44408 


| Melymuka is a Computerworld 


contributing writer. She can 

be reached at kmelymuka@ 
yahoo.com. 

This is the latest in a series of 
monthly discussions with Harvard 
Business Review authors on topics 
of interest to IT managers. 
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1. New design already tested. 

2. Suppliers already linked. 

3. Procurement already automated. 
4. Blueprints already updated. 


5. Engine all ready for takeoff. @ business on demand “at ibm.com/websphere/midd 
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“TAKE THIS JOB AND SHOVE IT,” & 
dah) Johnny Paycheck sang in 1977. He | 
was expressing the frustration of | 
being trapped in a really bad job and offering a rather | 
caustic solution to the situation 
Most CIOs have the “opportunity” to change jobs | 
more than once in their careers. Let’s assume you're | 
a transitioning CIO and have a choice of several new 


positions. Pay, benefits and perks are all about the 

same. How do you avoid Paycheck’s job from hell? 

First, evaluate the job, the company, the corporate 

structure, the political climate and your potential 

boss. Second, evaluate yourself to see if there’s a | & 
good match in each of those areas. 


THE JOB 
w Will you be happy in the job? This is the most critical 
aspect of evaluating a new job, a new boss and a new 
company. There isn’t enough money, status or securi- 
ty in any job to overcome a miserable situation. The 
job needs to satisfy your emotional and professional 
needs. It needs to match up with your present skills 
and provide growth opportunities that are in line 
with your ambitions. It needs to mesh with your pre- 
ferred lifestyle and family commitments. Some com- 
panies honor work/life balance, and some expect 
you to work 12 hours a day, seven days a week. Some 
have moderate travel expectations, and some will get 
you to Million Miler status quickly. 

Make sure you know the company’s culture and 
expectations, and make sure they match yours. Oth- 








erwise, something’s going to give. It may be the job, BY DOUG LEWIS 


your marriage or your health, but it will be more 

painful than turning down the job in the first place. 
w Can you do the job? I’ve seen people who inter- 

viewed so beautifully they could woo any hiring 


manager, even with only a so-so match to the job’s 
requirements. But they usually don’t last long. The 
shortfall in skills catches up with them, and they’re 
out. For CIOs, a lack of political skills is actually 
more of a problem than a lack of technical skills. 

Be honest in assessing your fit to the job require- 
ments. You may snow people for a while, but it’s you 
who will end up in the cold. 

m What's the future of this job? The CIO’s role doesn’t 
stay the same for long. Besides knowing the expecta- 
tions for the position today, get an idea what you'll be | 
asked to do two, three and even five years out. Make 
sure this job trajectory matches your career plans. 

mw How do you find out? Seize control of the interview | 
agenda. Ask to speak to people who would be your in- | 
house customers, peers and subordinates. Ask them | 
what they’ll expect from you in terms of deliverables, | 
schedules and cost. 

The hardest thing for me to do is the self-assess- 
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ment, so I rely on my spouse and on a few very trust- 
ed associates to be honest with me. Develop your 
own set of trusted advisers to help you determine 
your fit for the position. 


THE CORPORATE STRUCTURE 


w Know how the company operates. A company’s operat- 
ing model has a surprisingly big effect on the CIO’s 
role [QuickLink 43476]. A holding company with 
strong business units gives a CIO lots of accountabil- 
ity with little authority. In this case, persuasive abili- 
ty is an absolute must, while operational skills are 
less important. On the other hand, operating compa- 
nies with strong centralized control place huge value 
on CIOs who have excellent execution skills and de- 
tailed knowledge of every facet of the IT domain. 

Global companies require a CIO with multination- 
al experience, cultural sensitivity and a cast-iron 
butt to survive a punishing travel schedule. For- 
eign-owned companies expect you to operate in 
their style (and knowing the native language may 
be an unspoken-but-critical success factor). 

At family-owned businesses, you'll find that cer- 
tain career paths are reserved for family members 
and that you’re expected to tolerate the idiot nephew 
screwing up the network group. 

a Learn where IT sits in the company hierarchy and why. 
If IT reports way down in the organizational struc- 
ture — and you're expected to accomplish great 
change — run like hell. If IT reports to the CEO, be 
sure you can hold your own in a boardroom setting 
and be prepared for blood-sport politics. 

@ How do you find out? A quick look at the annual re- 
port will reveal the corporate structure, ownership 
and geographic dispersion. Figure out where the CIO 
sits on the organizational chart. And use the Internet 
to find articles and speeches by key executives and 
even IT staff members to learn more about the com- 
pany’s operational style. 


THE POLITICAL CLIMATE 

Gauging the job’s political climate is difficult, but it’s 
the second most important thing to get right. The 
easiest IT job can be made impossible by the wrong 
political environment. 

I watched an excellent CIO get torpedoed this way. 
He was hired by the CEO to consolidate shared IT 
functions in a company with multiple business units. 
Assured that he had the full backing of the business 
units, he took the job and charged ahead with a very 
reasonable plan. 

What the CIO didn’t know was that the CEO didn’t 
have the backing of the business-unit presidents or 
the backbone to stand up to them when they rebelled 
against losing their IT turf. The CEO backed down, 
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‘Trajectory 
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Matters 


When researching your next employer, try to identify the company's trajectory. 
\s it recovering, accelerating, coasting or failing? Each path has implications for the new CIO. 


A CIO experienced 
in doing turnarounds 
[QuickLink 41369] 


Someone who can 


in IT spending 


The ability to make quick 
assessments, build rela- 


YOU'LL tionships, execute quickly 


a and endure tough times 


and you can guess what happened to the CiO. 

I saw another exceptionally talented CIO get into a 
job well within his leadership abilities but way over 
his head politically. Denied the political “ 
his boss had promised, the CIO went down in flames. 

w How do you find out? Look your potential boss 
straight in the eye and ask if there’s solid support for 
the role you'll be asked to play. Have the business- 
unit presidents bought in? If he flinches, blinks or 
hedges, suspect that things aren’t right. Meet two or 


air cover” 


three business-unit presidents and ask how they feel 
about the CIO position and their commitments to 
what you'll be asked to do. Find some people who 
have left the company and talk with them. Best of all, 
talk with the previous CIO. 


THE NEW BOSS 


Picking a boss ranks just under picking a spouse in 
terms of impact on your life. (It’s not the same level 
of intimacy, but you'll probably spend more waking 
hours with the boss.) 

Know what’s important to you in a 
professional relationship. My list 
isn’t long: 


support rapid expansion - 
without parallel growth 


Vision, aggressiveness 
and business acumen 


DUE DILIGENCE 


An optimizer 
and cost-squeezer 


Someone dumb enough to 
take the job, barely smart 
enough to do the job and 
willing to take a meat ax 
to budgets and people 


A focus on cost details, 
process optimization and 
fine-tuning existing appli- 

cations and operations 


A coid heart 
and a bodyguard 


coasting or falling? (His trajectory will is 
your clout.) What’s his track record in previous com- 
panies? Does he understand IT? If he can barely turn 
on his computer without help desk support, he’s un- 
likely to be much of a supporter in the boardroom 
when things get tough 

m How do you find out? ap iew your potential boss 
as he is interviewing you. about I 
and seek examples. P ane for aaa he’d deal with eth- 
ically dicey situations. Ask about “the vision thing” 
and work/life balance. 
for you in the first 30, 60 and 90 days. The 
will tell you a lot about his understanding of IT 

Find people who have worked for him in past jobs; 


nis workstyle 


Figure out his expectations 
answer 


they can be a wealth of information. Google him to 


dig up his track record. Think of this as a reference 
check. A potential employer will do one on you, and 
it’s fair to do your own on him 

This is a lot of work, and it’s very differe 


the usual strategy of résumé-polishing and interview 


“nt from 


posturing, but it’s worth it. The 

best boss I ever had knew what 

IT could do and, better yet, 
what it couldn’t do. He had a 


w I need to respect my boss, 
and I want respect in return. 

w High business and personal 
ethics are mandatory. 

# Consideration of the fact 
that I have a personal life is a re- 
quirement. 

w | want my boss to be compe- 
tent. If he’s not, I can’t hope to be 
successful. 

w | hope to like my boss, but 
not liking him isn’t a stopper if 
the other criteria are satisfied. 

You need your own list — and 
don’t c The trick is to 
find out what it’s like to work for 
this person. What's his style, and 
does it mesh with yours? Does 
the boss have the clout to accom- 
plish the vision? What’s his tra- 
jectory in the company: rising, 


ompromise. 


eee UR ge) 
Gea eR CM TR Ms end iL 
CaN Acrl oe Ue eM a ee 
SCRE) ome Rue et 


eR ROR cmon mur 
the company and its executives are 
fcr aCe 


Sea eM aim Me mnt ee 
family-friefidly or travel-intensive. 


Se SOR Cir eis Cu emma 
and subordinates to find out what 
fan me a LO 


BS Mimic cm Oki 
PUP aR Meu ty 


OE eeu ee erty 
FURS aU eee CRU) Ml Res 
passé? Would you buy them? 


Sein vision for the compa- 
ny and IT’s role in making his 
vision a reality. He could explain 
what I was doing and why, even 
in the 
discussions. He had 


most intense boardroom 
high ethics, 
we respected each other. I also 
liked him. 
ess I’ve just described to find 
him. 

Do your homework, 


And I used the proc- 


and you 
could end up with the near-per- 
fect boss. Then you won't have to 
tell anyone to “take this job and 


@ 44304 


shove it.” 
Lewis, a CIO for dai is the 
founder and senior partner of 
The Edge Consulting Group LLC 
in Atlanta. He can be reached at 
edgeconsulting@bellsouth.net. 
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J.M. Smucker Board | 
Elects New CIO 


Andrew G. Platt, director of busi- 
ness technology at The J.M. 
Smucker Co., has been elected to 
vice president, information services, 
and CIO. Platt started his role last 
week at the Orrville, Ohio-based 
company, which is known for its 
fruit spreads. He will report to the 
company’s vice president and con- 
troller, Richard G. Jirsa. 


Consultancy Exec 
Now State CIO 


Lemuel C. Stewart Jr., president of 
Executive Partners, a consultancy in 
Glen Allen, Va., last week officially 
became Virginia’s new CIO. Stewart 
has more than 30 years’ experience 
in IT, including executive positions 
at QuadraMed Corp. and Trigon Blue 
Cross/Blue Shield of Virginia. Dur- 
ing his five-year term, Stewart will 
oversee the Virginia Information 
Technologies Agency. His responsi- 
bilities will include consolidating IT 
and managing nearly $500 million 
in annual IT investments. 


Video Chain Elevates 


IT Entrepreneur 


Hollywood Entertainment Corp. has 
promoted F. Bruce Giesbrecht, who 
entered the industry in the 1980s 
as a software vendor specializing in 
video systems, to president and chief 
operating officer. Giesbrecht helped 
Hollywood's founder and CEO, Mark 
Wattles, open his first store in 1988 
and has worked at Hollywood since 
1993, when he was CIO. Giesbrecht 
most recently was general manager 
of corporate operations. 


Specialty Insurer 
Promotes IT Exec 


RLI Corp., a Peoria, Ill.-based insur- 
er that offers specialty property and 
casualty coverage for niche mar- 
kets, has promoted Piyush K. Singh 
to CIO. He joined RLI in 1994 and 
has been vice president of IT since 
2000. He previously worked as a fi- 
nancial services consultant at Price 
Waterhouse LLP. 
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The Case of the 
Missing Metrics 


UCCESSFUL OUTSOURCING efforts require 
metrics that are clearly specified, effectively 
monitored and consistently correlated to the 


needs of the business. Good metrics support 
your cost and service goals and are consistent 


with your culture. Exam- 
ples include unit costs of a 
service (such as cost per 
minute, cost per help desk 
call) or response time per 
event (such as two hours 
to respond to a PC failure). 
Unfortunately, many out- 
sourcing contracts contain 
metrics that are ineffective 
and insufficient [QuickLink 
38242.] 
But even a contract that 
specifies excellent metrics 
is no guarantee of success. 
Metrics must be gathered, 
monitored and reviewed 
before they can be used to 
improve service. In many 
cases, the performance data is never 
collected, and no one even notices. 
Some organizations have downsized 
so much over the past several years 
that they don’t have enough people to 
execute the measurement processes 
specified in their contracts. Both par- 
ties are frequently guilty of not fulfill- 
ing their sides of metrics management. 
Unless service levels become intol- 
erable, many organizations believe 
that the efforts required to collect and 
manage the performance data are un- 
warranted. This can be a costly mis- 
take. One company outsourced desk- 
top procurement and management for 
30,000 desktops. The multiyear con- 
tract stated that as the PC manufactur- 
er lowered prices, the outsourcer 
would pass those reductions on to the 
company. But the customer never 
checked, and the outsourcer kept the 
difference. The company’s failure to 


monitor its outsourcer cost 
it over $1 million per year. 
Monitor your metrics ef- 
fectively by taking the fol- 
lowing steps: 
® Assign responsibility. In a 
surprising number of cases, 
the outsourcer’s adherence 
to the terms of the contract 
goes unnoticed and un- 
checked simply because 
nobody is ever assigned to 
monitor it. The neglected 
vendor gets a free ride un- 
til there’s a major problem. 
@ Establish consistent met- 
rics. Make sure your organi- 
zation and your outsourcer 
are on the same page. One 
company outsourced one of its four 
help desks. It had a proprietary system 
to measure help desk staff productivi- 
ty. The company wanted to continue 
to compare productivity across all four 
help desks, but the outsourcer used 
different software. Since the data was 
not comparable, more time was spent 
arguing about which numbers were 
correct than evaluating productivity. 

§ Trust, but verify. Don’t rely exclu- 
sively on the metrics provided by your 
outsourcer. Even if it produces volumi- 
nous reports, your organization needs 
to be close enough to the metrics to 
accurately assess their validity. 

@ Review metrics jointly. The out- 
sourcer will be more motivated to col- 
lect performance data if it knows it 


| will be held accountable. This data 


forms the basis for enforcing contract 


| penalties and paying incentives. Con- 
| duct regular review meetings with 
o 


| your outsourcer, and use this forum to 


create a joint plan to improve your 


| outsourcer’s service levels. 


@ Reward excellent performance. Before 


you put incentive clauses into a con- 


tract, carefully consider whether the 


| benefits of better service outweigh the 
additional costs. But if you put incen- 
| tives in the contract, honor them with- 


out fail. Excellent performance that 


| goes unrecognized isn’t likely to recur. 
| Even if the contract doesn’t require in- 
| centive payments, reward the out- 


sourcer in some manner. Offer to 


| serve as a reference or tell the out- 
| sourcer’s president how pleased you 


are with its performance. 
® Listen to your customers. If you've 


| outsourced a customer-visible func- 
| tion (such as the help desk), the out- 


sourcer’s performance is often the 


| only performance your customers will 


see. A customer’s perception of ac- 


| ceptable performance is as valuable as 
| any other metric. If your metrics aren’t 


accurately reflecting the needs of your 
customers, re-examine your metrics. 
@ Create a metrics management process. 
It’s crucial to re-evaluate metrics peri- 
odically to determine if they’re meet- 
ing the changing needs of your busi- 


ness, especially in long-term contracts. 


No contract can anticipate every con- 


| tingency, so make sure it specifies a 


process enabling you to change met- 


| rics as your business evolves. 


Metrics are an important key to 
leveraging better performance from 
your outsourcer. But to be effective, 
they must be an integral part of both 


| the contract and the ongoing manage- 
| ment of your outsourcer. If you don’t 
| use the metrics you designed and ne- 


gotiated, you'll get the performance 


| you deserve. © 44278 
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Openings) Responsibilities in- oe or ratte 

clude: develop, implement, mo 
in cust 


marketing co 
hire qualified cz 
jatabases { minimum, a Bach 
S and estab. 

wnication with 
SAP R/3, MS SQL 

soft CRM back 


ASP DEVELOPER t 


HTML and SQL 


WEB DEVELOPER ¢ 


maintair 


Sr. Systems Analyst 


p & upgrade 


Looking for 
a new career? 
The new 
itcareers.com 
and 
CareersJournal.com 
combined 
jobs database 
can help you find 
one. 
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www. itcareers.com ( d re 
Manager, Masterrr 


Solutions, LLC, 6000 Fairvie 


or call (800) 762-2977 Road, #1200, Charlotte 
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Find out more about ending TODAY! 
Visit www.humanresourcessummit.com—- 
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of computer programs: 
ms. Hrs: 8a-5p, M-F ode WDA/SSS 
Comp. salary/benefits. Resum rejected 
to: Lalit Patel, Pres. Raj Forward resume to Theresa 
Enterprises of Sarasota, inc Maia, ADT Security Services 
3246 17th St. Sarasota, FL Inc., One Town Center Road 


34235 Boca Raton, FL 33486 
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STRATEGIC FINANCIAL / e- 
BUSINESS ANALYST A 
Boston-area company engaged 
r 2-art records, data 
formation management 
mmediate need for two 


Strategic 


Jevelopmer 
wide deployment 
agrated O 
mplementations of 
ustomized and ven 

ware for tran 
xcessing, “OFA” deci 
rt systems, and data 
This position alsc 
ible for financial 
alysis, strategy, and 
ations architec 


st be available to 
ur Amherst, NH office. Please 
submit resumes to Auriga, Inc 
HR, One Overlook Drive 
2, Amherst NH 03031 or 
kbutt@auriga.cor 
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Information Systems West 
Marine, the nation's largest spe- 
ialty retailer of boating supplies 
has an opening for 
Sr. Network Manager - 
Engineering & Design 
Responsibilities inciude design 
engineering, and project man 
ment for tire network, data 
1ter and telephony infrastruc- 
ture. Switching/routing _ infra- 
structure LAN/WAN PBX 
Voicemail/ACD/Call Center sys 
tems, B2B connectivity, network 
security infrastructure, SOHO 
Remote access, data center ser 
vers and rage solutio 
od NC and directory tech 
ologies Novell/Microsoft) 
email/messaging, and corporate 
B2E E >b/Portal infra 
us is on IT 
Position re 
2ct mgt, tech 
c skills, and 
4emonstral bilit manage 
a team 


7+ yrs 

a mgt role 
demor 
manage pr 

of $300K. BS 


niputer 


Software Professionals 
RS Software, a leading, glob 
ly positioned software develop: 
ment & consulting firm needs 
software professionals with 
exp. in the following skill mixes. 
Systems Analysts: Oracle, Unix 
SQL Server, MPEX, MVS & DB2 
Programmer Analysts: Asse- 
mbler, C, C++, TPF & Windows. 
Business Systems Analys 
Requirement Analysis, mark 
ing of customer specific IT solu 
tions, liaise between multination 
a lients & IT professionals 
preparation of project plans & 
technical proposals, assess 
customer satisfactior IT 
chnica Services Coord 
inators: Liaise with in-house IT 
directors & with the directors of 
the consulting services at multi 
national clients to coordinate & 
optimize IT services & minimize 
aggregate IT operational costs 
through appropriate triangula 
tion of in-house contractors 
Jomestic outside & overseas 
out-source. Undertaking of 
major infrastructures, IT deve’ 
opments & modifications & 
update technical innovations 
Send resume to’ HR, RS 
Software (1) Ltd. 1900 M rthy 
Bivd., # 103 Milpitas, CA 95035 
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research, applied 
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ord Keeping & Daily Trading 
app!. systems, Windows NT & 
Digital UNIX, Sybase, MS 
Access, C, C++ Java, Java 
Script, HTML, VB, VB Script 
SQL, SQR, PVCS AST, & 
Unix Shell scripting. 40hrs/wk 
M-F, Send resume & cvr. ltr. to 
John A. Craft, WyStar, 9210 
Corporate Bivd Ste. 300 
Rockville, MD 20850 No 
Phone Calis 
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Software 

Mor 

Jev computer software 
junction with hardware prod 

uct development. Consult with 

hardware eng & other eng staff 
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system. Pr 

jects 
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PM): Need tc 


a software 
y and 
perf ywmed 
Vermont z 
throughou' 4 
resumes to No 
Box 488, Montpelier 


488 


Sr. Systems Analyst 


Design, develop programs using 
Data warehousing concepts and 
datamodeling. Masters degree 
in Comp. Sci. or Apps. reqd 
Must have two years of demon- 
strable prof. exper. using and 
Datastage 4.0/5.0, relational 
databases Teradata/Oracle. 
SQL Server, Datamodeling with 
Erwin, OLAP tools, OLAP Tools 
Microstrategy, Actuate, ETL 
Informatica 5.1/6.1 on 
rms Win NT, Solaris and 
Must be willing to fre 
quently relocate. $66,550/yr 
F/T, hrs. vary. Resumes to Site 
Admin., Greene Cty. Careerlink 
4 W. High St., Waynesburg, PA 
15370-1324. Reference Job 
Order # 388667 


Web Developer: Research, de- 
sign, develop, test, implement 
and support company's web 
applications and databases us- 
ing Dreamweaver, Authoware & 
MS Frontpage. Elevate the cap 
abilities of web-related systems 
to support business process 
improvements; assure 
applications meet cor 
tandards, security, and legal 
requirements. Participate in gen 
eral systems mainter ar 
technical administrat 
applications. Req. Bachelor's 
degree or equivalent in Comput 
er Science with proficiency in 
Visual Basic and SQL 
2 Microsoft Certified Sys- 
er. 40 hours/week, 9 
ntact Mandarin Antiques 
) Miami Circle NE 


ita, GA 30324 


Information Technology 


ECOMXE, | has multiple 

Information Technology Officer 

Specialist positions ava 

Irvine, California office. Respon 
ble for managing information 


systems for multi-national 


hange 

ages used in grocery/reta' 
justries. This a manage 
and the 


t least 


a 
experience 
sume and 

redentials uman Resourc 


es, ECOMXE 


ess Ce ve, Suite 100 


191 Busin 


PROGRAMMER ANALYST/ 
SOFTWARE ENGINEERS 


Several Sr. & Mid 


VSAM, DB2 
ORACLE, JAVA, SERV. 
XML, EJB, C vC 
SYSTEM ADMIN, DBA's, SAP. 
Seibel, Peoplesoft & Technical 
Recruiters.Please mail res 
to Attn: HR Der 
Inc., 1 New Hampshire Avenue 
Suite125 P NH 


ising 
ESsaL 


related 


ava, SQL, ESOL 
nsact-SQL, DHTML, ASP & 
Report 
Pern 
Resume to J. Leonard (REF 
SDJ), S1 
Centre Dr. 300, Charlotte 


NC 28217 


Corr Coliseum 


DP Powerhouse ks for S/W & 
IT engineers (BS v 
develop COM+ components 
ising SQL, ADO & stored proce 
jures, Oracle/SQL; create web 
based Admin Tool; use J 
XML, ASP, C++, COM+, VB 
SQL, IIS, Access & Oracle 
Please contact 
jobs@dppinc.com. EOE 


lyr exp) to 


System Analyst or Software 
Engineers wanted by Mobics, a 
small but stable company. Job 
duties include work on 
Java/Script, JSP, Serviets, Unix 
Oracle. Travel maybe required 
Min qualification is BS+exp 
Competitive wage with full bene- 
fits. Please apply at 
info@mobics.com. EOE 
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Programmer Analyst (Des 
Monies): design, dev & imple- 
ment customized software pro 
grams for industrial, high tech 
advanced financial, business & 
Scientific applications. Will use 
Java, EJB, MQ Series, MQSI, C 
C++, VB, Oracle, Websphere. 
5/390, J2EE, Cobol, CIC 
DB2, JCL, Win NT, Unix, IBM 
Mainframes, ASP, SQL Server 
etc. Req'd Bach's in CS, Eng 
Math, or MIS, 2 yrs exp in job or 
Systems Analyst. 40 hr/wk 
mon-fr ) am to 5 pm 
$65.000/yr. Must have proof of 
gal authority to work in the 
United States Send 
resumes to lowa Workforce 
Center, 215 Watson Poweil Jr 
Des Moines, lowa 50309. 
Order 
1A1101848 


advertisement 


Management Business Analyst 
Wachovia Corp. Analyze user & 
bus. reqs. & engage in project 
planning systems analysis & 
design, & system 2nfiguratior 
mgmt. for securities processing 
systems on the basis of portfolio 
management accounting & sec- 
urities lending system expertise 
Reqs. MA in Bus. Admin., F 
nance, or Info. Systems & 3 yrs 
exp. in the job offd. or 3 yrs. exp 
5 or Programmer 
3 yrs of reqd. exp 
work w/ appl. dvip 
2rver 2000 or equiv 
Java, VB, and COBOL and 
must incl. working w stment 
accounting and securities char 
acteristics valuation fundamer 
tals. 40 hrs/w 
ume and cvr 
Eyink, 11440 Sar 
3rd F r A 


90049. No phone cails 


ansulting is looking 
yram or system analysts 

IT engine Candidate must 
have BS/M 2e. Travel is 
2 f ns 

VB, Oracle 

5 Java 
lease 
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istomer Management 
4S openings for 
2d IT professionals te 


ycle IT & bus 


JSP, UML 
Java VB 
cr rt 


Solution Architect wanted 
for computer s/w and relat- 
ed prof services co 
Requires M.S. in C.S., E.E 
or related engg. or tech 
field plus 3 yrs. exp. with 
Jyacc Jam/Prolifics, Scribe 
SQR, Oracle PL/SQL, IBM 
Web Development Tools 
multiplatform Windows/Unix 
env. Send resume to H.R 
Dept., ViryaNet, Inc., 2 
Willow Street South- 
borough, MA 01745 


ynergetics Incorporated seeks 
an Application Developer 
(Programmer/Analyst) to work in 
Fort Collins, CO and other unan- 
ticipated job sites in the U.S. to 
design, develop, implement, and 
maintain ERP software systems 
and data warehouses. Req- 
uirements include a Bachelor's 
degree in computer science or a 
related field; Two years of expe- 
rience designing and developing 
ERP software applications 
Working knowledge of Data 
Warehousing, Informix, JAVA 
OOP and XML. Respond via 
resume to Bonnie-Lee Bowman, 
Synergetics Inc 1520 S 
College Ave., Fort Collins, CO 
80524 and refer to 4356TP. 





Computer Professionals (pro- 
grammer, system analyst, soft- 
ware or project engineers) want 
ed E-Con. Candidates must 
have minimum BS or equivalent 
degree with IT experince. Use 
Weblogic 6.0 Application server. 
Java Servlets, XML. Please 
send resumes to: hrd@goe 
con.net. EOE. No calls 

Programmer/System Analyst or 
Software Engineers wanted by I- 
ntigrators, LLC. Perform NT 
UNIX and §=SQL Server 
Database administration, use 
SunOne Iplanet 4.1/6.0, RSA 
Cieartrust 4.0/5.0, Websphere. 
Min qualification is BS+exp 
Please apply at rory 
goldson@hotmail.com. 
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LUCKILY, WE ARE Too! 


itcareers.com is now 
powered by 
CareerJournal.com! 
Search for jobs and post 
your resume here on 


www.itcareers.com 


IT Education & Training Directory 


Contact the companies listed below 


ag 
to help you with your training needs! OER ae Ree Ee dYarn as 


IPexpert, Inc. CBT Nuggets 

(866) 225-8064 (888) 507-6283 & (541) 284-5522 

www. ipexpert.com www.cbtnuggets.com 

CCIE (R&S, SEC, and C&S), CCSP, Affordable training videos on CD 

CCNP, CCNA, IP Telephony MCSE, MCDBA, MCSD, CCNA 
Citrix, Linux, A+, Net + 
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Continued from page 1 


Amex Offshore 
against disclosing such infor- 
mation. What’s clear is that 
some IT employees within 
Amex are disturbed by what 
they understand to be a major 
offshore shift. 

“They qualify as one of the 
Benedict Arnold companies 
exporting jobs overseas that 
[presidential candidate] John 
Kerry has been talking about,” 
said a current Amex employ- 
ee, who spoke on condition of 
anonymity. 

According to the former 
Amex IT employee, most of 
the offshore work “is likely to 
go to India because they al- 
ready have staff there.” How- 
ever, he said that Accenture 
Ltd., which is in a long-term 
IT outsourcing deal with 
Amex, is subcontracting a por- 
tion of the development work 
to Chinese IT agencies. Com- 
puterworld was unable to cor- 
roborate that, however, and 
Accenture didn’t respond to 


Continued from page 1 


Weak Dollar 


his offshore services company will 
absorb the financial impact, and 
he expects competition to keep 
other Indian firms from raising 
prices, at least for now. “Compa- 
nies are not taking the risk of go- 
ing back to their customers” to 
renegotiate contracts, Kumar said. 

But Indian service providers 
may not hold back for long. Users 
of offshore services, which are typ- 
ically contracted in U.S. dollars, 
may see price increases, along 
with contracts that share the risks 
and rewards of currency changes, 
outsourcing consultants said. 

Mike Murphy, an attorney at 
Shaw Pittman LLP in Los Angeles 
who represents buyers of offshore 
services, said the margin pressures 
facing Indian suppliers will likely 
lead to increased rates. But users 


| requests for comment by press 


time. 

According to Avivah Litan, 
an analyst at Gartner Inc. in 
Stamford, Conn., Amex is in- 
deed looking to expand its off- 
shore software development. 

“This is the IT development 
and maintenance staff for 
their credit card stuff, includ- 
ing risk management, charge- 
back and all the applications 
associated with that,” Litan 
said. “It’s going to make every- 
one [in Amex’s IT depart- 
ment] really nervous. It’s very 
scary to the employees. 

“The reason people at Amer- 
ican Express are so scared to 
tell the IT employees that they 
may lose their job is those em- 
ployees can wreak havoc with 
the systems,” Litan said. 


Maintaining a Mix 

Tony Mitchell, a spokesman 
for Amex, said he couldn't dis- 
close any plans for IT layoffs, 
either short or long term. 
Mitchell said he wasn’t per- 
mitted to discuss details about 
Amex’s plans for offshore out- 


may have choices, he said. Some 
contracts may carry higher labor 
rates but lock those rates in for a 
defined period of time. Another 
model may give users the lowest 
competitive rate upfront but include 
a formula for adjusting those rates 
in response to currency and infla- 
tion changes, Murphy said. 

Lance Travis, an analyst at AMR 
Research Inc. in Boston, said 
many Indian IT shops have been 
trying to raise their fees recently, 
in part to offset exchange-rate dif- 
ferences. But they haven't had 
much luck, he said, largely be- 
cause competition in India is fierce 
and the U.S. economic recovery is 
still in its early stages, giving Indi- 
an firms little leverage. 

Differences in exchange rates 
haven't been on the radar screens 
of IT managers such as Jean 
Davis, senior executive vice presi- 
dent of IT, e-commerce and opera- 
tions at Wachovia Corp. “I don’t 
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sourcing or its contracts with 
vendors, but he did say that 
Amex isn’t shifting the amount 
of offshore outsourcing the 
company performs. 

“We've had a fairly steady 
number of employees. That 
work gets supplemented by 
third-party providers. At any 
given point in time, there can 
be a shift in the mix in terms 
of who and where that appli- 
cation development work is 
getting done,” he said. 

Amex has long used off- 
shore services to expand its 
global reach and flexibility in 
developing new products. 

Certainly cost is a factor, 
but we’re not going to sacri- 
fice service, quality and effi- 
ciency for cost,” Mitchell said. 
“Of course, people have differ- 
ent feelings and thoughts 
about it, but our employees 
know that our objective is for 
the company to grow overall 
both in the U.S. and outside 
the U.S., which in the end ben- 
efits not only our sharehold- 


ers, but also our business and 


employees as well.” 
i. | don’t think 
we've fac- 
tored [the weak 
U.S. dollar] into our 
decision-making, 
since the differen- 
tial in [U.S. and 
Indian labor costs] 
is so dramatic. 


think we've factored [the weak 
U.S. dollar] into our decision- 
making, since the differential in 
[U.S. and Indian labor costs] is so 
dramatic,” she said. The Charlotte, 
N.C.-based financial services com- 
pany has a handful of “small” proj- 
ects in India, Davis said. 

But the issue is likely to get 
more attention. The dollar is down 


The reason 

people at 
American Express 
are so scared to tell 
the IT employees 
that they may lose 
their job is those 
employees can 
wreak havoc with 
the systems. 
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AVIVAH LITAN, GARTNER INC 


Since 1994, Amex has oper- 
ated its Financial Center East 
in New Delhi. It’s one of the 
company’s three major trans- 
action-processing centers. The 
other two are in Phoenix and 
the U.K. 

“Having people who are ca- 
pable of doing work around 
the world we think gives us 
greater flexibility to meet our 
technology demands, and we 
also think it’s consistent with 
serving a global customer 


base,” Mitchell said. 


13% since early 2002 when 
weighted against all currencies, 
said James Glen, a senior econo- 
mist at Economy.com Inc. in West 
Chester, Pa. This change varies by 
country: Weighted against the In- 
dian rupee, the dollar is down 
7.5% since 2002, but against the 
Canadian dollar, it has dropped a 
whopping 18%. 

Curtis Helsel, vice president of 
data and technology management 
at the University of Colorado Foun- 
dation in Boulder, turned to near- 
shore service provider Center- 
Beam Inc. last year to manage the 
group's infrastructure and help 
desk support. The foundation's 
operations are managed at Cen- 
terBeam’s facility in Saint John, 
New Brunswick, under a three- 
year agreement. 

Helsel said he has two concerns: 
how the long-term exchange trend 
might affect his contract renewal 
price, and whether it could lead to 
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Amex is following an off- 
shore outsourcing trend that 
has emerged in the financial 
services sector and in other 
industries. Gartner predicts 
that by the end of this year, 
one in every 20 U.S. IT jobs 
will have moved offshore. 

“All the New York banks and 
brokerages have been doing 
this. First Data Corp. has out- 
sourced most of its develop- 
ment to India. They’re upgrad- 
ing the entire credit-card- 
processing platform there,’ 
Litan said. 

A spokeswoman for First 
Data declined to comment on 
the bank’s offshore outsourc- 
ing plans. 

James Beams, an analyst at 
Financial Insights in Framing- 
ham, Mass., said that while he 
hadn’t heard of any specific 
plans by Amex to expand its 
offshore outsourcing, it would 
not surprise him. 

“It’s a megatrend. The ques- 
tion would be, ‘Why 
doing such a small fraction of 


are they 


it right now overseas?’ ” Beams 


said. @ 44543 


cost-cutting actions by the provider 
and potentially affect the founda- 
tion's service levels. 

Keith Roberts, chief financial of- 
ficer at San Jose-based Center- 
Beam, said the currency impact is 
minimal and won't affect services. 
U.S. companies don’t send work 
to Canada primarily because of the 
currency rate but rather because 
of other factors, such as a talent- 
ed, lower-cost workforce and low- 
er real estate prices, Roberts said. 
But if the currency trend were to 
continue, the company might ap- 
ply “hedging” strategies. such as 
buying Canadian dollars in ad- 
vance of a saic increase, he noted. 

if the U.S. dollar continues its 
decline - and Glen said he believes 
that will be the long-term trend - 
offshore vendors may be inclined to 
begin sharing the risks and rewards 
of currency fluctuations with their 
customers, outsourcing consul- 
tants said. @ 44601 
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‘Teach Your Users 


IKKO HYPPONEN has lost faith in educating users 
about worms and viruses. “It never helps; people 


will never learn. . 


.. They will click on everything,” 


Hypponen told the Reuters news service last week. 
“We really have to take security to a higher level 
and take the responsibility away from the users.” 

Hypponen’s despair is understandable. He’s director of antivirus 
research at Finnish security vendor F-Secure Corp. He had spent the 
previous week watching the Mydoom worm do its work. 

He’s right: Educating users about viruses isn’t working. 


Trouble is, there really isn’t anything better. 

Actually, virus education used to work pretty 
well. It consisted of telling users, “A virus can 
wipe out everything on your hard disk.” Those 
10 words got their attention and convinced 
them of the value of antivirus software and safe 
computing practices all at once. The threat of 
total annihilation will do that. 

What changed? Users didn’t really get dumb- 
er. Virus writers got smarter. They stopped cre- 
ating worms that erase hard disks and destroy 
data. To the half-million or so small-business 
and home users whose PCs were infected by 
Mydoom, the worst that happened was that 
their Internet connections were a little slow. 

The threat — to them — was gone. 

The result? Those Mydoom-infected PCs 
formed a huge denial-of-service gun aimed 
directly at SCO.com. When the trigger was 
pulled, SCO.com was blown off the Web. That 


wasn't just a threat; it was a thoroughly success- 


ful DoS attack. And now that Mydoom has 
proved the concept with SCO.com, anyone 
could be next. 

So, what can we do? Can we take it up a level 
so we don’t have to worry about educating 
hopeless users? 

Let’s see. What if Microsoft bun- 
dled antivirus software with its op- 
erating systems, provided free 
virus-defin ‘ion updates and even 
made the updates automatic? Then 
all those users would be protected. 

But it would require that a con- 
victed monopolist roll over the en- 
tire antivirus industry. And antitrust 


users? Bill Gates isn’t that kind of philanthro- 
pist. And if users don’t see a threat, they won’t 
pay for it. 

Let’s try again. Anyone connected to the In- 
ternet must have an Internet service provider. 
Should ISPs automatically scan all Internet traf- 
fic for viruses? That piles a big, expensive pro- 
cessing load on ISPs, along with a load of legal 
liability. It’s already a low-margin business; ISPs 
aren't going to take on huge extra costs and 
risks voluntarily. They can’t afford to. 

How about virus filtering at the Internet back- 
bone? Not a chance — it’s ISP economics, but 
with a cost that’s orders of magnitude greater. 

OK, what about a law that requires every PC 
to have antivirus protection? Good luck enforc- 
ing it — scofflaws already ignore far more criti- 
cal legal requirements. Besides, who’s going to 
notice that a user has no virus protection unless 
there’s a Mydoom-like outbreak? And if there is, 
who’s going to single out one user in 500,000 
for legal action? 

Even if big corporations subsidized antivirus 
software for home users, there would still be 
plenty of users who just wouldn’t bother to in- 
stall and update it if they didn’t see a need. 

Which brings us back to educat- 
ing users. Sure, it seems hopeless. 
But we’ve got to redouble our ef- 
forts to make users understand that 
the threat from worms and viruses 
is real and that the damage costs all 
of us — including them. We can try 
to beef up operating systems and 
ISPs and the Internet. But ultimate- 
ly, users are the ones who can stop 
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it’s All in the Debugging 


This VP of IT regularly assigns impossible deadlines, 
fails to provide resources and generates a high stress 
level. “The extreme stress caused many employees to 
frequently call in sick,” says pilot fish at the company. 
No, it can’t be the stress that's doing it, VP decides - 
it must be germs in the ice machine. “He had the 
machine completely disinfected and then handed out 
cans of Lysol for us to spray our cubicles each night,” 
fish says. “Everyone still continued to call in sick, and 
most left for other jobs, but we did have the most 
germ-free environment in the company.” 


Not Your Job 
Confidential in- 
formation for 
this project 
needs to be de- 
stroyed, so on his break 
this pilot fish decides to 
feed the shredder. “The 


what I was doing and 


spend their time doing 


this,” reports fish. Give it : 
: ‘What are you doing?’ 


to an admin, says the 


prez. “Now, when Ineed | 
: all our work up!” So the 
: maintenance guy turns 
: everything back on and 
: says, ‘OK, you can back 
? up now. But after that, 
: I’m gonna have to work 
; on these lights.’ ” 


: Let’s Walk — 
: Through This 
and right away this IT pi- : 
: This user on the fre- 

: quent-caller plan tells 

: needs her password re- 
: set - again. User says 

: she’s having trouble re- 
: membering the compli- 
: cated passwords re- 

: quired by a new IT poli- 
: cy. Have you considered 


a break, | play games 
and let someone else 
shred documents,” fish 
says. “The president is 
happier this way.” 


Go Team! 
Notoriously clueless 
sales VP complains that 
his mouse doesn’t work, 


lot fish can see why. “He 
put tape on the bottom 
of the optical mouse be- 
cause he thought the 
laser would damage his 
eyes,” fish grumbles. 
“He didn’t understand 
why the mouse wouldn't 
work after that. After 
secretly taking off the 


tape, | told him the prob- : 
: down and hiding it 

: “Yes,” says user. “I 

: wrote it down yesterday 
: and put it in my shoe, 

: but I'm wearing a differ- 


lem was his mouse pad 
for a college basketball 
team | disliked.” 


Gee, Thanks 
It’s late in the day, and 


SHARK 
TANK 


: walks in. “Without say- 
: ing a word, he pulls the 
? main power switch,” 

president walked by, saw : 
: fish on the scene. “Need- 
said developers shouldn't : 
? panic - the kids just lost 


doing home- 
work in the 
computer lab 
when a main- 
tenance man 


says a net admin pilot 
less to say, there’s a 


all their homework. 


they say, “We didn’t back 


Again... 


writing your password 


FEED THE SHARK! Send your true tales of IT life to 


issues aside, would Microsoft donate those weapons of mass DoStruc- 
the ongoing cost of virus research 
and all the bandwidth required to 
regularly push virus definitions to 
hundreds of millions of Windows 


sharky@computerworld.com. You snag a snazzy 
Shark shirt if we use it. And check out the daily feed, browse 
the Sharkives and sign up for Shark Tank home delivery at 


computerworld.com/sharky. 


FRANK HAYES, Computer- 
world’s senior news colum- 
nist, has covered IT for more 

than 20 years. Contact him at 
frank_hayes@computerworld.com. 


tion — maybe the only ones. 
Education may not be much. But 
until we come up with a better 


idea, it’s all we’ve got. @ 44569 





lime is money. So it’s important to get new business software up and running quickly. Which is why SAP’ solutions built on the 


SAP NetWeaver plattorm make so much sense. Because they're designed with fast implementation in mind, you can see business results quickly 


Visit sap.com/speed or call 800 880 1727 to sec how fast SAP can make things happen for your company 





Faster than Verizon. 
Faster than Sprint PCS. 
Faster than Cingular. 
Faster than T-Mobile. 
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on the wireless service America trusts 


reachout — Atel Wireless 





